1*e4a36f41SAndroid Build Coastguard Workertypeattribute bootanim coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(bootanim) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# b/68864350 6*e4a36f41SAndroid Build Coastguard Workerdontaudit bootanim unlabeled:dir search; 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# Bootanim should not be reading default vendor-defined properties. 9*e4a36f41SAndroid Build Coastguard Workerdontaudit bootanim vendor_default_prop:file read; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# Read ro.boot.bootreason b/30654343 12*e4a36f41SAndroid Build Coastguard Workerget_prop(bootanim, bootloader_boot_reason_prop) 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Workerget_prop(bootanim, bootanim_config_prop) 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# Allow updating boot animation status. 17*e4a36f41SAndroid Build Coastguard Workerset_prop(bootanim, bootanim_system_prop) 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker# Allow accessing /data/misc/bootanim 20*e4a36f41SAndroid Build Coastguard Workerr_dir_file(bootanim, bootanim_data_file) 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# Allow accessing vendor apex for EGL/GLES 23*e4a36f41SAndroid Build Coastguard Workerallow bootanim vendor_apex_metadata_file:dir r_dir_perms; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(bootanim, hal_configstore) 26*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(bootanim, hal_graphics_allocator) 27*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(bootanim, hal_graphics_composer) 28*e4a36f41SAndroid Build Coastguard Worker 29*e4a36f41SAndroid Build Coastguard Workerbinder_use(bootanim) 30*e4a36f41SAndroid Build Coastguard Workerbinder_call(bootanim, surfaceflinger) 31*e4a36f41SAndroid Build Coastguard Workerbinder_call(bootanim, audioserver) 32*e4a36f41SAndroid Build Coastguard Worker 33*e4a36f41SAndroid Build Coastguard Workerhwbinder_use(bootanim) 34*e4a36f41SAndroid Build Coastguard Worker 35*e4a36f41SAndroid Build Coastguard Workerallow bootanim gpu_device:chr_file rw_file_perms; 36*e4a36f41SAndroid Build Coastguard Workerallow bootanim gpu_device:dir r_dir_perms; 37*e4a36f41SAndroid Build Coastguard Workerallow bootanim sysfs_gpu:file r_file_perms; 38*e4a36f41SAndroid Build Coastguard Worker 39*e4a36f41SAndroid Build Coastguard Worker# /oem access 40*e4a36f41SAndroid Build Coastguard Workerallow bootanim oemfs:dir r_dir_perms; 41*e4a36f41SAndroid Build Coastguard Worker# boot animations on oem are stored with specific label 42*e4a36f41SAndroid Build Coastguard Workerallow bootanim bootanim_oem_file:file r_file_perms; 43*e4a36f41SAndroid Build Coastguard Worker 44*e4a36f41SAndroid Build Coastguard Workerallow bootanim audio_device:dir r_dir_perms; 45*e4a36f41SAndroid Build Coastguard Workerallow bootanim audio_device:chr_file rw_file_perms; 46*e4a36f41SAndroid Build Coastguard Worker 47*e4a36f41SAndroid Build Coastguard Workerallow bootanim audioserver_service:service_manager find; 48*e4a36f41SAndroid Build Coastguard Workerallow bootanim surfaceflinger_service:service_manager find; 49*e4a36f41SAndroid Build Coastguard Workerallow bootanim surfaceflinger:unix_stream_socket { read write }; 50*e4a36f41SAndroid Build Coastguard Worker 51*e4a36f41SAndroid Build Coastguard Worker# Allow access to ion memory allocation device 52*e4a36f41SAndroid Build Coastguard Workerallow bootanim ion_device:chr_file rw_file_perms; 53*e4a36f41SAndroid Build Coastguard Worker 54*e4a36f41SAndroid Build Coastguard Worker# Allow access to DMA-BUF system heap 55*e4a36f41SAndroid Build Coastguard Workerallow bootanim dmabuf_system_heap_device:chr_file r_file_perms; 56*e4a36f41SAndroid Build Coastguard Worker 57*e4a36f41SAndroid Build Coastguard Workerallow bootanim hal_graphics_allocator:fd use; 58*e4a36f41SAndroid Build Coastguard Worker 59*e4a36f41SAndroid Build Coastguard Worker# Fences 60*e4a36f41SAndroid Build Coastguard Workerallow bootanim hal_graphics_composer:fd use; 61*e4a36f41SAndroid Build Coastguard Worker 62*e4a36f41SAndroid Build Coastguard Worker# Read access to pseudo filesystems. 63*e4a36f41SAndroid Build Coastguard Workerallow bootanim proc_meminfo:file r_file_perms; 64*e4a36f41SAndroid Build Coastguard Worker 65*e4a36f41SAndroid Build Coastguard Worker# System file accesses. 66*e4a36f41SAndroid Build Coastguard Workerallow bootanim system_file:dir r_dir_perms; 67*e4a36f41SAndroid Build Coastguard Worker 68*e4a36f41SAndroid Build Coastguard Worker# Allow bootanim to send information to statsd socket. 69*e4a36f41SAndroid Build Coastguard Workerunix_socket_send(bootanim, statsdw, statsd)