1typeattribute tombstoned coredomain;
2
3init_daemon_domain(tombstoned)
4
5get_prop(tombstoned, tombstone_config_prop)
6
7neverallow {
8    -init
9    -vendor_init
10    -dumpstate
11    -tombstoned
12} tombstone_config_prop:file no_rw_file_perms;
13