strengthen vendor_file neverallows

no writing to vendor_file_type is the intention
here, but they only restricted vendor_file.

Bug: 281877578
Test: build (neverallow only change)

Change-Id: Ic5459dcd420ee24bad8310a587a0b9b1cc5b966a
This commit is contained in:
Steven Moreland 2023-05-18 00:05:24 +00:00
parent 9c2a5cf0c9
commit 07e0430bd0

View file

@ -70,5 +70,6 @@ never_profile_heap(`{
}')
full_treble_only(`
neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
neverallow heapprofd vendor_file_type:file no_w_file_perms;
neverallow heapprofd { vendor_file_type -vndk_sp_file }:file no_x_file_perms;
')