Fix broken neverallow rules
neverallow rules with allowlist should look like:
neverallow { domain -allow1 -allow2 } ...
Bug: 181744894
Test: m selinux_policy
Test: pcregrep -M -r "neverallow\s+{(\s*#.*\s*)*\s+-" .
Change-Id: Ibab72ccc1fbacb99b62fe127b4122e1ac22b938a
diff --git a/private/tombstoned.te b/private/tombstoned.te
index ca9a0aa..b6dfd1e 100644
--- a/private/tombstoned.te
+++ b/private/tombstoned.te
@@ -5,6 +5,7 @@
get_prop(tombstoned, tombstone_config_prop)
neverallow {
+ domain
-init
-vendor_init
-dumpstate