| type crash_collector_app, domain, device_domain_deprecated; |
| |
| # com.google.android.crashuploader runs in the crash_collector_app domain |
| app_domain(crash_collector_app) |
| net_domain(crash_collector_app) |
| |
| allow crash_collector_app crash_reports_data_file:file { read getattr }; |
| |
| # Grant access to the normal services for crash collecting. Suppress attempts |
| # to find other services. |
| allow crash_collector_app { |
| app_api_service |
| system_api_service |
| }:service_manager find; |
| dontaudit crash_collector_app service_manager_type:service_manager find; |