More neverallows for default_android_service. We don't want to accidentally allow this, and a neverallow also means that the issue will be found during development, instead of review. Fixes: 148081219 Test: compile policy only Change-Id: I57990a2a4ab9e5988b09dae2dd6a710ce8f53800

commit: a30464c06e78e3e943788d4750b47f82d049938c [log] [tgz]
author: Steven Moreland <smoreland@google.com> Tue Jan 21 10:18:57 2020 -0800
committer: Steven Moreland <smoreland@google.com> Tue Jan 21 11:13:22 2020 -0800
tree: e25cd76bce99eee89a17219041c89437d832c5cb
parent: 1d241db7e59b08c3d94ddc3d9e21be76d671ea9e [diff]
diff --git a/private/atrace.te b/private/atrace.te
index 2545c8b..ad7d177 100644
--- a/private/atrace.te
+++ b/private/atrace.te

@@ -37,6 +37,7 @@
   -installd_service
   -vold_service
   -lpdump_service
+  -default_android_service
 }:service_manager { find };
 allow atrace servicemanager:service_manager list;
 

diff --git a/private/system_app.te b/private/system_app.te
index ee18ab2..e5d7d18 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -93,6 +93,7 @@
   -virtual_touchpad_service
   -vold_service
   -vr_hwc_service
+  -default_android_service
 }:service_manager find;
 # suppress denials for services system_app should not be accessing.
 dontaudit system_app {
commit	a30464c06e78e3e943788d4750b47f82d049938c	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Tue Jan 21 10:18:57 2020 -0800
committer	Steven Moreland <smoreland@google.com>	Tue Jan 21 11:13:22 2020 -0800
tree	e25cd76bce99eee89a17219041c89437d832c5cb
parent	1d241db7e59b08c3d94ddc3d9e21be76d671ea9e [diff]