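# SELinux type-enforcement rules for the bootanim domain (boot animation).
#
# Layout fix: the listing had been collapsed onto two physical lines with the
# viewer line numbers fused into the text. In that form the first "#" comments
# out every rule after it, and the leading digits corrupt the statements.
# The rules below are the same ones, one per line, with no access added or
# removed.
#
# The macros used here (init_daemon_domain, get_prop, set_prop, r_dir_file,
# hal_client_domain, binder_use, binder_call, hwbinder_use, unix_socket_send)
# and the permission sets (r_file_perms, rw_file_perms, r_dir_perms) are
# defined elsewhere in the policy tree. The notes on them describe their
# conventional meaning; confirm against the macro definitions in your tree.

# Tag bootanim with the coredomain attribute so that rules and neverallow
# assertions written against coredomain also apply to it.
typeattribute bootanim coredomain;

# Domain transition for the daemon when it is started by init
# (presumably keyed on a bootanim_exec file type declared elsewhere).
init_daemon_domain(bootanim)

# b/68864350
# dontaudit only suppresses the denial log entry, the access itself stays
# denied. Audit suppression has to be disabled to see these denials when
# debugging.
dontaudit bootanim unlabeled:dir search;

# Bootanim should not be reading default vendor-defined properties.
# The read stays denied, this rule just keeps the denial out of the logs.
dontaudit bootanim vendor_default_prop:file read;

# Read ro.boot.bootreason b/30654343
get_prop(bootanim, bootloader_boot_reason_prop)

# Read-only access to the boot animation configuration properties.
get_prop(bootanim, bootanim_config_prop)

# Allow updating boot animation status.
# This is the only property type bootanim is allowed to set in this file.
set_prop(bootanim, bootanim_system_prop)

# Allow accessing /data/misc/bootanim
# Read-only: r_dir_file grants no write or create permission.
r_dir_file(bootanim, bootanim_data_file)

# Allow accessing vendor apex for EGL/GLES
# Directory read only, no file access is granted on this type here.
allow bootanim vendor_apex_metadata_file:dir r_dir_perms;

# HAL clients: configuration store, graphics buffer allocation, composition.
hal_client_domain(bootanim, hal_configstore)
hal_client_domain(bootanim, hal_graphics_allocator)
hal_client_domain(bootanim, hal_graphics_composer)

# Binder IPC, with outgoing calls limited to the two servers named below.
binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
binder_call(bootanim, audioserver)

# hwbinder transport, used to reach the HALs declared above.
hwbinder_use(bootanim)

# Direct GPU access for rendering. The character device is read-write,
# the directory and the sysfs nodes are read-only.
allow bootanim gpu_device:chr_file rw_file_perms;
allow bootanim gpu_device:dir r_dir_perms;
allow bootanim sysfs_gpu:file r_file_perms;

# /oem access
allow bootanim oemfs:dir r_dir_perms;
# boot animations on oem are stored with specific label
# Only files carrying that label are readable, not every file under /oem.
allow bootanim bootanim_oem_file:file r_file_perms;

# Direct read-write access to audio device nodes.
# NOTE(review): bootanim can also reach audioserver over binder (above).
# Confirm the raw device access is still required before keeping it.
allow bootanim audio_device:dir r_dir_perms;
allow bootanim audio_device:chr_file rw_file_perms;

# Service lookups through servicemanager, limited to these two services.
allow bootanim audioserver_service:service_manager find;
allow bootanim surfaceflinger_service:service_manager find;
# read and write only: no connect or create is granted, so this presumably
# covers a socket that surfaceflinger hands over. TODO confirm.
allow bootanim surfaceflinger:unix_stream_socket { read write };

# Allow access to ion memory allocation device
allow bootanim ion_device:chr_file rw_file_perms;

# Allow access to DMA-BUF system heap
# Read-only permission set on the heap device node.
allow bootanim dmabuf_system_heap_device:chr_file r_file_perms;

# Use file descriptors received from the graphics allocator HAL.
allow bootanim hal_graphics_allocator:fd use;

# Fences
allow bootanim hal_graphics_composer:fd use;

# Read access to pseudo filesystems.
allow bootanim proc_meminfo:file r_file_perms;

# System file accesses.
# Directory listing only, no file permission on system_file is granted here.
allow bootanim system_file:dir r_dir_perms;

# Allow bootanim to send information to statsd socket.
# Send-only: nothing in this file lets bootanim read from statsd.
unix_socket_send(bootanim, statsdw, statsd)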