| type cros_anomaly_detector, chromeos_domain, domain; |
| |
| from_minijail_static(cros_anomaly_detector, cros_anomaly_detector_exec); |
| cros_dbus_client(cros_anomaly_detector) |
| uma_writer(cros_anomaly_detector) |
| |
| allow cros_anomaly_detector cros_var_log:file r_file_perms; |
| allow cros_anomaly_detector cros_syslog:file r_file_perms; |
| allow cros_anomaly_detector cros_var_log_upstart:file r_file_perms; |
| allow cros_anomaly_detector proc_meminfo:file r_file_perms; |
| r_dir_file(cros_anomaly_detector, cros_var_log_audit); |
| |
| tmp_file(cros_anomaly_detector, file, , cros_minijail_minijail_tmp_file); |
| |
| allow cros_anomaly_detector cros_anomaly_detector_tmp_file:file create_file_perms; |
| |
| allow cros_anomaly_detector cros_run_crash_reporter:file create_file_perms; |
| allow cros_anomaly_detector cros_run_crash_reporter:file rw_file_perms; |
| allow cros_anomaly_detector cros_run_crash_reporter:dir create_dir_perms; |
| allow cros_anomaly_detector cros_run_crash_reporter:dir rw_dir_perms; |
| |
| log_reader(cros_anomaly_detector); |
| |
| # minijail mounts it. |
| minijail_mounts( |
| minijail, |
| , # extra mount |
| {cros_minijail_minijail_tmp_file cros_run}, # mounton |
| {cros_run_dbus cros_var cros_var_spool cros_var_log} # getattr |
| ); |
| log_writer(cros_anomaly_detector); |