platform_system_sepolicy/bootanim.te

# bootanimation oneshot service
type bootanim, domain;
type bootanim_exec, exec_type, file_type;

init_daemon_domain(bootanim)

binder_use(bootanim)
binder_call(bootanim, surfaceflinger)

allow bootanim gpu_device:chr_file rw_file_perms;

# /oem access
allow bootanim oemfs:dir search;
allow bootanim oemfs:file r_file_perms;

# Audited locally.
service_manager_local_audit_domain(bootanim)
auditallow bootanim { service_manager_type -surfaceflinger_service }:service_manager find;
Define a domain for the bootanim service. Leave the domain permissive initially until it gets more testing. Change-Id: I9d88d76d1ffdc79a2eff4545d37a9e615482df50 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-12-11 21:17:53 +01:00			`# bootanimation oneshot service`
			`type bootanim, domain;`
			`type bootanim_exec, exec_type, file_type;`

			`init_daemon_domain(bootanim)`

			`binder_use(bootanim)`
			`binder_call(bootanim, surfaceflinger)`

			`allow bootanim gpu_device:chr_file rw_file_perms;`
reconcile aosp (3a8c5dc05fb7696dd81b8a7c1b2524224154e8ea) after branching. Please do not merge. Change-Id: Ic8ee83ed6ffef02bddd17e1175416fc2481db7b2 2014-07-15 08:31:31 +02:00
			`# /oem access`
			`allow bootanim oemfs:dir search;`
sepolicy for oem cutomization Added read permissions for bootanimation Bug: 16635599 Change-Id: Ib5d0ba5a6d1144ff831f4f0eda092879f853c376 2014-09-22 22:03:52 +02:00			`allow bootanim oemfs:file r_file_perms;`
Resync lmp-dev-plus-aosp with master A DO NOT MERGE change merged from lmp-dev to lmp-dev-plus-aosp. This is expected, but it's causing unnecessary merge conflicts when handling AOSP contributions. Resolve those conflicts. This is essentially a revert of bf696327246833c9aba55a645e6c433e9f321e27 for lmp-dev-plus-aosp only. Change-Id: Icc66def7113ab45176ae015f659cb442d53bce5c 2014-07-26 00:19:47 +02:00
			`# Audited locally.`
			`service_manager_local_audit_domain(bootanim)`
			`auditallow bootanim { service_manager_type -surfaceflinger_service }:service_manager find;`