diff --git a/isolated_app.te b/isolated_app.te
index 4745d7e395f97259a4f6173da83ea5778a14ffaf..a156838bbdb0c91392c252016409e1732851faaf 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -12,3 +12,9 @@
 type isolated_app, domain;
 app_domain(isolated_app)
 net_domain(isolated_app)
+
+# read and write access to app_data_file is already
+# granted via app.te. Allow execute.
+# Needed to allow dlopen() from Chrome renderer processes.
+# See b/15902433 for details.
+allow isolated_app app_data_file:file execute;