| # bootanimation oneshot service |
| type bootanim, domain; |
| type bootanim_exec, system_file_type, exec_type, file_type; |
| |
| hal_client_domain(bootanim, hal_configstore) |
| hal_client_domain(bootanim, hal_graphics_allocator) |
| hal_client_domain(bootanim, hal_graphics_composer) |
| |
| binder_use(bootanim) |
| binder_call(bootanim, surfaceflinger) |
| binder_call(bootanim, audioserver) |
| |
| hwbinder_use(bootanim) |
| |
| allow bootanim gpu_device:chr_file rw_file_perms; |
| allow bootanim gpu_device:dir r_dir_perms; |
| allow bootanim sysfs_gpu:file r_file_perms; |
| |
| # /oem access |
| r_dir_file(bootanim, oemfs); |
| |
| allow bootanim audio_device:dir r_dir_perms; |
| allow bootanim audio_device:chr_file rw_file_perms; |
| |
| allow bootanim audioserver_service:service_manager find; |
| allow bootanim surfaceflinger_service:service_manager find; |
| allow bootanim surfaceflinger:unix_stream_socket { read write }; |
| |
| # Allow access to ion memory allocation device |
| allow bootanim ion_device:chr_file rw_file_perms; |
| |
| # Allow access to DMA-BUF system heap |
| allow bootanim dmabuf_system_heap_device:chr_file r_file_perms; |
| |
| allow bootanim hal_graphics_allocator:fd use; |
| |
| # Fences |
| allow bootanim hal_graphics_composer:fd use; |
| |
| # Read access to pseudo filesystems. |
| allow bootanim proc_meminfo:file r_file_perms; |
| |
| # System file accesses. |
| allow bootanim system_file:dir r_dir_perms; |