When building AOSP, how to prevent ADB access to services.jar?

I'm building a custom Android 10 firmware. I want to prevent the user of the device from being able to copy the firmware code from the device via ADB.

It's a USER build variant.

The user must have ADB access and can't limit it to specific commands.

Currently to get the code he could just do, for example:

adb pull /system/framework/services.jar

How can I modify AOSP to limit this access? Preferably l would like to prevent access to any other way to get the code from a running device.

Note:

I know obfuscation is an option, rather have a stronger prevention.
The user is prevented from going into bootloader mode.

Solution

You can restrict shell process to which all partitions it can get access to. This can be achieved by making the changes in SELinux policy.

Reference: https://source.android.com/security/selinux/customize

Restricting usage for an Android key for a Google API
Android menu item visibility change in runtime
Flutter android build issue post flutter update
Software Components will not be created automatically for Maven publishing from Android Gradle Plugin 8.0
"drag control" for Android games
Android Studio stuck on loading devices
Android gradle plugin 8.1.0 change apk name
Get single integer from list on click
No Android SDK found. Try setting the ANDROID_SDK_ROOT environment variable
License for package Android SDK Platform 29 not accepted
"Failed to install the following Android SDK packages as some licences have not been accepted" error
onPageSelected callback for JetPack Compose Pager
Android Studio Keyboard shortcut control
Video Overflows from Bottom Sheet When Scrolling
Get the background color of a button in android
Simple export and import of a SQLite database on Android
Image actual height differences
Access Unity variables in eclipse
Create pre build event to copy files to assets folder in Android application
Set background color for the whole app. Android, Jetpack Compose
I cannot get the permission window to appear using "requestPermissionLauncher.launch(permissions)"
How can I document or exclude the generated BuildConfig class in my documentation?
Android 13 How to save image in galery .Net MAUI
Could not find org.apache.cordova:framework:7.0.0 after removing jcenter() in Android
How to darken a given color (int)
Customize android app preview when it is in background with secure flag
Foreground Service crashing on Android 14
android studio rebuild error : Unable to find Gradle tasks to build why?
Thellmund WeekView Library horizontalScrollListener
FCM notification not received without permission