| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 1 | typeattribute bootanim coredomain; |
| 2 | |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 3 | init_daemon_domain(bootanim) |
| Joel Galenson | f7ec413 | 2018-02-14 16:32:28 -0800 | [diff] [blame] | 4 | |
| 5 | # b/68864350 |
| 6 | dontaudit bootanim unlabeled:dir search; |
| Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 7 | |
| Jeff Vander Stoep | 67896ee | 2020-04-02 13:36:17 +0200 | [diff] [blame] | 8 | # Bootanim should not be reading default vendor-defined properties. |
| 9 | dontaudit bootanim vendor_default_prop:file read; |
| 10 | |
| Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 11 | # Read ro.boot.bootreason b/30654343 |
| 12 | get_prop(bootanim, bootloader_boot_reason_prop) |
| Robert Horvath | 8504938 | 2021-04-15 14:55:37 +0000 | [diff] [blame] | 13 | |
| Nicolas Geoffray | 6a31147 | 2021-04-28 13:57:11 +0100 | [diff] [blame] | 14 | get_prop(bootanim, bootanim_config_prop) |
| 15 | |
| 16 | # Allow updating boot animation status. |
| 17 | set_prop(bootanim, bootanim_system_prop) |
| Josh Yang | 1d967dd | 2021-12-23 14:37:41 -0800 | [diff] [blame] | 18 | |
| Lee George Thomas | 407e1cf | 2023-07-25 15:02:33 -0700 | [diff] [blame] | 19 | # Allow accessing /data/misc/bootanim |
| Josh Yang | 1d967dd | 2021-12-23 14:37:41 -0800 | [diff] [blame] | 20 | r_dir_file(bootanim, bootanim_data_file) |
| Jooyung Han | 87889b6 | 2023-11-06 18:16:40 +0900 | [diff] [blame] | 21 | |
| 22 | # Allow accessing vendor apex for EGL/GLES |
| 23 | allow bootanim vendor_apex_metadata_file:dir r_dir_perms; |
| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame^] | 24 | |
| 25 | hal_client_domain(bootanim, hal_configstore) |
| 26 | hal_client_domain(bootanim, hal_graphics_allocator) |
| 27 | hal_client_domain(bootanim, hal_graphics_composer) |
| 28 | |
| 29 | binder_use(bootanim) |
| 30 | binder_call(bootanim, surfaceflinger) |
| 31 | binder_call(bootanim, audioserver) |
| 32 | |
| 33 | hwbinder_use(bootanim) |
| 34 | |
| 35 | allow bootanim gpu_device:chr_file rw_file_perms; |
| 36 | allow bootanim gpu_device:dir r_dir_perms; |
| 37 | allow bootanim sysfs_gpu:file r_file_perms; |
| 38 | |
| 39 | # /oem access |
| 40 | allow bootanim oemfs:dir r_dir_perms; |
| 41 | # boot animations on oem are stored with specific label |
| 42 | allow bootanim bootanim_oem_file:file r_file_perms; |
| 43 | |
| 44 | allow bootanim audio_device:dir r_dir_perms; |
| 45 | allow bootanim audio_device:chr_file rw_file_perms; |
| 46 | |
| 47 | allow bootanim audioserver_service:service_manager find; |
| 48 | allow bootanim surfaceflinger_service:service_manager find; |
| 49 | allow bootanim surfaceflinger:unix_stream_socket { read write }; |
| 50 | |
| 51 | # Allow access to ion memory allocation device |
| 52 | allow bootanim ion_device:chr_file rw_file_perms; |
| 53 | |
| 54 | # Allow access to DMA-BUF system heap |
| 55 | allow bootanim dmabuf_system_heap_device:chr_file r_file_perms; |
| 56 | |
| 57 | allow bootanim hal_graphics_allocator:fd use; |
| 58 | |
| 59 | # Fences |
| 60 | allow bootanim hal_graphics_composer:fd use; |
| 61 | |
| 62 | # Read access to pseudo filesystems. |
| 63 | allow bootanim proc_meminfo:file r_file_perms; |
| 64 | |
| 65 | # System file accesses. |
| 66 | allow bootanim system_file:dir r_dir_perms; |