diff --git a/domain.te b/domain.te
index ffd1704c7830c2a7e83170c5b010927304c3d220..aab5f5c61684f3b115ec77f99ca200f448d0e265 100644
--- a/domain.te
+++ b/domain.te
@@ -397,3 +397,5 @@ neverallow domain {
 # TODO: prohibit non-zygote spawned processes from using shared libraries
 # with text relocations. b/20013628 .
 # neverallow { domain -appdomain } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;