Restrict pod to pod communication using Istio authorization

Trying to restrict pod to pod communication using Istio authorization, followed steps as specified in Istio Documentation. Even after applying the authorization policy not able to restrict the traffic to a specific pod, service/pod is accessible from all pods in the namespace.

Below is the authorization policy

apiVersion: security.istio.io/v1beta1

kind: AuthorizationPolicy
metadata:
  name: whitelist-service
  namespace: default
spec:
  selector
    matchLabels:
      app.kubernetes.io/name: service-A
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/service-B-svc-account"]  
  - to:
    - operation:
       ports: ["9090"]

Also enabled the mTLS in the namespace but still not able to restrict traffic between 2 pods.

I am still relatively new to Istio so any help pointing me into the right direction would be most appreciated!