typeattribute bootanim coredomain; init_daemon_domain(bootanim) # b/68864350 dontaudit bootanim unlabeled:dir search; # Bootanim should not be reading default vendor-defined properties. dontaudit bootanim vendor_default_prop:file read; # Read ro.boot.bootreason b/30654343 get_prop(bootanim, bootloader_boot_reason_prop) get_prop(bootanim, bootanim_config_prop) # Allow updating boot animation status. set_prop(bootanim, bootanim_system_prop) # Allow accessing /data/misc/bootanim r_dir_file(bootanim, bootanim_data_file) # Allow accessing vendor apex for EGL/GLES allow bootanim vendor_apex_metadata_file:dir r_dir_perms; hal_client_domain(bootanim, hal_configstore) hal_client_domain(bootanim, hal_graphics_allocator) hal_client_domain(bootanim, hal_graphics_composer) binder_use(bootanim) binder_call(bootanim, surfaceflinger) binder_call(bootanim, audioserver) hwbinder_use(bootanim) allow bootanim gpu_device:chr_file rw_file_perms; allow bootanim gpu_device:dir r_dir_perms; allow bootanim sysfs_gpu:file r_file_perms; # /oem access allow bootanim oemfs:dir r_dir_perms; # boot animations on oem are stored with specific label allow bootanim bootanim_oem_file:file r_file_perms; allow bootanim audio_device:dir r_dir_perms; allow bootanim audio_device:chr_file rw_file_perms; allow bootanim audioserver_service:service_manager find; allow bootanim surfaceflinger_service:service_manager find; allow bootanim surfaceflinger:unix_stream_socket { read write }; # Allow access to ion memory allocation device allow bootanim ion_device:chr_file rw_file_perms; # Allow access to DMA-BUF system heap allow bootanim dmabuf_system_heap_device:chr_file r_file_perms; allow bootanim hal_graphics_allocator:fd use; # Fences allow bootanim hal_graphics_composer:fd use; # Read access to pseudo filesystems. allow bootanim proc_meminfo:file r_file_perms; # System file accesses. allow bootanim system_file:dir r_dir_perms;