authorJeff Vander Stoep <jeffv@google.com>2017-12-15 19:58:33 -0800
committerJeff Vander Stoep <jeffv@google.com>2017-12-15 20:12:55 -0800
commitbe829f4801e3bb7125942f4d96dcfe02d0606d7d (patch)
treeabe33981224fade121cafc67e7c94427d5efb3d8
parent6bb6b9542d3e296fbfc7f4e0f5b744dde71287bc (diff)
downloaddragon-be829f4801e3bb7125942f4d96dcfe02d0606d7d.tar.gz
Crash_collector_app: reduce access to services
Services may exist only in platform private policy which breaks with crash collector app's current setup of blacklisting services. Instead, grant it access to common public services. Bug: 63757906 Test: build policy with aosp/564724 Change-Id: I86dafade292d3a91d958fcfb41a9bedbcecc87e7
-rw-r--r--sepolicy/crash_collector_app.te14
1 files changed, 5 insertions, 9 deletions
diff --git a/sepolicy/crash_collector_app.te b/sepolicy/crash_collector_app.te
index 68a0b6d..28bdf47 100644
--- a/sepolicy/crash_collector_app.te
+++ b/sepolicy/crash_collector_app.te
@@ -6,14 +6,10 @@ net_domain(crash_collector_app)
allow crash_collector_app crash_reports_data_file:file { read getattr };
+# Grant access to the normal services for crash collecting. Suppress attempts
+# to find other services.
allow crash_collector_app {
- service_manager_type
- -dumpstate_service
- -gatekeeper_service
- -installd_service
- -incident_service
- -netd_service
- -virtual_touchpad_service
- -vold_service
- -vr_hwc_service
+ app_api_service
+ system_api_service
}:service_manager find;
+dontaudit crash_collector_app service_manager_type:service_manager find;
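Review bot: The added `dontaudit crash_collector_app service_manager_type:service_manager find;` covers the whole attribute, so lookups of the services the old rule explicitly excluded (`vold_service`, `installd_service`, `netd_service`, `gatekeeper_service` and the rest) are still denied but no longer logged. For a domain that is also a `net_domain`, those denials are a useful signal that the app is reaching beyond its expected services, and they are what a maintainer needs to see when a legitimately required service is missing from the two granted attributes. If the suppression is meant to quiet a known bulk lookup, the comment should say so, for example `# dontaudit: denials outside app_api_service/system_api_service are expected noise from <known caller>; drop this rule when debugging a missing service.` It is also worth confirming that crash collection needs everything in `system_api_service` rather than a few named services, since the attribute's membership is defined outside this file and can grow without this policy changing.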