Prevent sandbox executing from sdk_sandbox_data_file
Bug: 215105355
Test: make
Change-Id: I73c6a0d5034f194bf7149336fdac1db51a2b151d
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index b18b7dd..029be53 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@@ -47,7 +47,7 @@
### neverallow rules
###
-neverallow sdk_sandbox { app_data_file privapp_data_file }:file { execute execute_no_trans };
+neverallow sdk_sandbox { app_data_file privapp_data_file sdk_sandbox_data_file }:file { execute execute_no_trans };
# Receive or send uevent messages.
neverallow sdk_sandbox domain:netlink_kobject_uevent_socket *;
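Review bot: The widened neverallow on the `+` line has no comment stating its intent, unlike the uevent rule right below it. I would add something like `# The SDK sandbox must not execute code from app or SDK sandbox data files.` above it so the reason for the assertion stays with the rule. The rule also lists data-file types one by one, so any sandbox-accessible data type added later has to be appended here by hand. If an attribute such as `app_data_file_type` already covers these labels in this tree, asserting on it would close that gap, but confirm first that no existing allow rule for sdk_sandbox conflicts with the broader form. Only the neverallow section is visible in this hunk, so whether a matching allow rule was removed elsewhere cannot be checked from here.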