strengthen vendor_file neverallows

no writing to vendor_file_type is the intention here, but they only restricted vendor_file. Bug: 281877578 Test: build (neverallow only change) Change-Id: Ic5459dcd420ee24bad8310a587a0b9b1cc5b966a
2023-05-18 00:05:24 +00:00 · 2023-05-18 00:05:24 +00:00 · 07e0430bd0
commit 07e0430bd0
parent 9c2a5cf0c9
1 changed files with 2 additions and 1 deletions
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@ -70,5 +70,6 @@ never_profile_heap(`{
 }')

 full_treble_only(`
-  neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
+  neverallow heapprofd vendor_file_type:file no_w_file_perms;
+  neverallow heapprofd { vendor_file_type -vndk_sp_file }:file no_x_file_perms;
 ')