diff --git a/domain.te b/domain.te
index 87ec2ee66f08d70505ed579f379929fb9adad99a..c7fe3be7a2c466a4b8b57cc362a4a790d505b0d6 100644
--- a/domain.te
+++ b/domain.te
@@ -397,3 +397,5 @@ neverallow domain {
 # TODO: prohibit non-zygote spawned processes from using shared libraries
 # with text relocations. b/20013628 .
 # neverallow { domain -appdomain } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;