bootanim.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # bootanimation oneshot service
 type bootanim, domain;
 type bootanim_exec, exec_type, file_type;

 init_daemon_domain(bootanim)

 binder_use(bootanim)
 binder_call(bootanim, surfaceflinger)

 allow bootanim gpu_device:chr_file rw_file_perms;

 # /oem access
 allow bootanim oemfs:dir search;
 allow bootanim oemfs:file r_file_perms;

 allow bootanim audio_device:dir r_dir_perms;
 allow bootanim audio_device:chr_file rw_file_perms;

 # Audited locally.
 service_manager_local_audit_domain(bootanim)
 auditallow bootanim { service_manager_type -surfaceflinger_service }:service_manager find;
	# bootanimation oneshot service
	type bootanim, domain;
	type bootanim_exec, exec_type, file_type;

	init_daemon_domain(bootanim)

	binder_use(bootanim)
	binder_call(bootanim, surfaceflinger)

	allow bootanim gpu_device:chr_file rw_file_perms;

	# /oem access
	allow bootanim oemfs:dir search;
	allow bootanim oemfs:file r_file_perms;

	allow bootanim audio_device:dir r_dir_perms;
	allow bootanim audio_device:chr_file rw_file_perms;

	# Audited locally.
	service_manager_local_audit_domain(bootanim)
	auditallow bootanim { service_manager_type -surfaceflinger_service }:service_manager find;