Merge "Make sure only VS can access its data files"

commit: 7bd59df9b791f5171dd74b27848f809d8755d6f8 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Sep 01 08:40:00 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Sep 01 08:40:00 2022 +0000
tree: 4a76dfb38e04fdf59a93936e56bdd465382e88e0
parent: 2f2efbee5289195375a513e4463ef21434f4cc94 [diff]
parent: 991087cb2494e1b641ad09dcfc397f2e0488c233 [diff]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index c369a90..9ae5308 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -82,3 +82,9 @@
   -init
   -virtualizationservice
 } virtualizationservice_prop:property_service set;
+
+neverallow {
+  domain
+  -init
+  -virtualizationservice
+} virtualizationservice_data_file:file { open create };
commit	7bd59df9b791f5171dd74b27848f809d8755d6f8	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Sep 01 08:40:00 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Sep 01 08:40:00 2022 +0000
tree	4a76dfb38e04fdf59a93936e56bdd465382e88e0
parent	2f2efbee5289195375a513e4463ef21434f4cc94 [diff]
parent	991087cb2494e1b641ad09dcfc397f2e0488c233 [diff]