label boot animations on oem with bootanim_oem_file Bootanimation only access boot animation files on oem. Label these files with bootanim_oem_file and remove oemfs file allow rule. Also allow mediaserver and app to read this new label as they can access /oem/media folder. Bug: 324437684 Test: Confirm that boot animation on oem is shown without violations Change-Id: I940ccde9391a5daa920f31926d32e68b1de5b7eb

commit: 1f915b4b13e6d79070661bdbf4627af47aeba3b7 [log] [tgz]
author: Håkan Kvist <hakan.kvist@sony.com> Thu Feb 15 08:34:47 2024 +0100
committer: Håkan Kvist <hakan.kvist@sony.com> Fri Feb 16 11:08:30 2024 +0100
tree: 41caa56753b301ad275f1a143ef3c04b6da67f44
parent: 537a704088eb06f5027b41c565d5bac8b78c0ccc [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 7d9660b..3a65d81 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -457,6 +457,9 @@
 
 /oem(/.*)?              u:object_r:oemfs:s0
 /oem/overlay(/.*)?      u:object_r:vendor_overlay_file:s0
+/oem/media/bootanimation.zip            u:object_r:bootanim_oem_file:s0
+/oem/media/shutdownanimation.zip        u:object_r:bootanim_oem_file:s0
+/oem/media/userspace-reboot.zip         u:object_r:bootanim_oem_file:s0
 
 # The precompiled monolithic sepolicy will be under /odm only when
 # BOARD_USES_ODMIMAGE is true: a separate odm.img is built.
commit	1f915b4b13e6d79070661bdbf4627af47aeba3b7	[log] [tgz]
author	Håkan Kvist <hakan.kvist@sony.com>	Thu Feb 15 08:34:47 2024 +0100
committer	Håkan Kvist <hakan.kvist@sony.com>	Fri Feb 16 11:08:30 2024 +0100
tree	41caa56753b301ad275f1a143ef3c04b6da67f44
parent	537a704088eb06f5027b41c565d5bac8b78c0ccc [diff] [blame]