| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 1 | # bootanimation oneshot service |
| 2 | type bootanim, domain; |
| 3 | type bootanim_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | hal_client_domain(bootanim, hal_configstore) |
| 6 | hal_client_domain(bootanim, hal_graphics_allocator) |
| 7 | hal_client_domain(bootanim, hal_graphics_composer) |
| 8 | |
| 9 | binder_use(bootanim) |
| 10 | binder_call(bootanim, surfaceflinger) |
| 11 | binder_call(bootanim, audioserver) |
| 12 | |
| 13 | hwbinder_use(bootanim) |
| 14 | |
| 15 | allow bootanim gpu_device:chr_file rw_file_perms; |
| 16 | |
| 17 | # /oem access |
| 18 | allow bootanim oemfs:dir search; |
| 19 | allow bootanim oemfs:file r_file_perms; |
| 20 | |
| 21 | allow bootanim audio_device:dir r_dir_perms; |
| 22 | allow bootanim audio_device:chr_file rw_file_perms; |
| 23 | |
| 24 | allow bootanim audioserver_service:service_manager find; |
| 25 | allow bootanim surfaceflinger_service:service_manager find; |
| 26 | allow bootanim surfaceflinger:unix_stream_socket { read write }; |
| 27 | |
| 28 | # Allow access to ion memory allocation device |
| 29 | allow bootanim ion_device:chr_file rw_file_perms; |
| 30 | |
| 31 | # Allow access to DMA-BUF system heap |
| 32 | allow bootanim dmabuf_system_heap_device:chr_file r_file_perms; |
| 33 | |
| 34 | allow bootanim hal_graphics_allocator:fd use; |
| 35 | |
| 36 | # Fences |
| 37 | allow bootanim hal_graphics_composer:fd use; |
| 38 | |
| 39 | # Read access to pseudo filesystems. |
| 40 | allow bootanim proc_meminfo:file r_file_perms; |
| 41 | |
| 42 | # System file accesses. |
| 43 | allow bootanim system_file:dir r_dir_perms; |