Make sure only VS can access its data files Bug: 237054515 Test: Builds Change-Id: Id207bfc3639254e63b00e2a9ac9780ab83a013ff

commit: 991087cb2494e1b641ad09dcfc397f2e0488c233 [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Wed Aug 31 16:09:44 2022 +0100
committer: Alan Stokes <alanstokes@google.com> Wed Aug 31 17:39:59 2022 +0100
tree: 4e111e0575cfd841542d62118bfac99828c3c9cc
parent: f08bc50f9df8119353424cca929764250b465bcb [diff] [blame]
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index c369a90..9ae5308 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te

@@ -82,3 +82,9 @@
   -init
   -virtualizationservice
 } virtualizationservice_prop:property_service set;
+
+neverallow {
+  domain
+  -init
+  -virtualizationservice
+} virtualizationservice_data_file:file { open create };
commit	991087cb2494e1b641ad09dcfc397f2e0488c233	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Wed Aug 31 16:09:44 2022 +0100
committer	Alan Stokes <alanstokes@google.com>	Wed Aug 31 17:39:59 2022 +0100
tree	4e111e0575cfd841542d62118bfac99828c3c9cc
parent	f08bc50f9df8119353424cca929764250b465bcb [diff] [blame]