Allow surfaceflinger to make binder call to bootanim

When SurfaceFlinger -- or any BufferQueue consumer -- releases a buffer, the BufferQueue calls back into the producer side in case the producer cares. This results in a notification from surfaceflinger to bootanim. This callback started in d1c103655533321b5c74fbefff656838a8196153. Addresses the following denial: 6.164348 type=1400 audit(1397612702.010:5): avc: denied { call } for pid=128 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:bootanim:s0 tclass=binder Change-Id: I6f2d62a3ed81fde45150d2ae3ff05822bfda33fe
2014-04-16 16:31:23 -07:00 · 2014-04-16 16:31:23 -07:00 · fd352f11e0
commit fd352f11e0
parent d434d601f7
1 changed files with 1 additions and 0 deletions
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@ -13,6 +13,7 @@ unix_socket_connect(surfaceflinger, property, init)
 binder_use(surfaceflinger)
 binder_call(surfaceflinger, binderservicedomain)
 binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
 binder_service(surfaceflinger)

 # Binder IPC to bu, presently runs in adbd domain.