Skip to content
Snippets Groups Projects
Normal view Permalink
bootanim.te 1.04 KiB
Newer Older
  • Learn to ignore specific revisions
    • Stephen Smalley's avatar
    Define a domain for the bootanim service.
    Stephen Smalley committed
    1 
    # bootanimation oneshot service
    Jeff Vander Stoep's avatar
    bootanim: Remove domain_deprecated  
    Jeff Vander Stoep committed
    2 
    type bootanim, domain;
    Stephen Smalley's avatar
    Define a domain for the bootanim service.
    Stephen Smalley committed
    3 4 5 6 
    type bootanim_exec, exec_type, file_type;

binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
    Geoffrey Pitsch's avatar
    Allow audioserver for bootanim.  
    Geoffrey Pitsch committed
    7 
    binder_call(bootanim, audioserver)
    Stephen Smalley's avatar
    Define a domain for the bootanim service.
    Stephen Smalley committed
    8
    Martijn Coenen's avatar
    Allow bootanimation to talk to hwservicemanager.  
    Martijn Coenen committed
    9 10 
    hwbinder_use(bootanim)
    Stephen Smalley's avatar
    Define a domain for the bootanim service.
    Stephen Smalley committed
    11 
    allow bootanim gpu_device:chr_file rw_file_perms;
    Ed Heyl's avatar
    reconcile aosp (3a8c5dc05fb7696dd81b8a7c1b2524224154e8ea) after branching. Please do not merge.  
    Ed Heyl committed
    12 13 14 
    
# /oem access
allow bootanim oemfs:dir search;
    Vineeta Srivastava's avatar
    sepolicy for oem cutomization  
    Vineeta Srivastava committed
    15 
    allow bootanim oemfs:file r_file_perms;
    Nick Kralevich's avatar
    Resync lmp-dev-plus-aosp with master  
    Nick Kralevich committed
    16
    Mike Lockwood's avatar
    Give bootanimation access to /dev/snd files so it can use tinyalsa  
    Mike Lockwood committed
    17 18 
    allow bootanim audio_device:dir r_dir_perms;
allow bootanim audio_device:chr_file rw_file_perms;
    Mike Lockwood's avatar
    resolved conflicts for merge of 0a52df50 to lmp-dev-plus-aosp  
    Mike Lockwood committed
    19
    Geoffrey Pitsch's avatar
    Allow audioserver for bootanim.  
    Geoffrey Pitsch committed
    20 
    allow bootanim audioserver_service:service_manager find;
    dcashman's avatar
    Restrict service_manager find and list access.  
    dcashman committed
    21 
    allow bootanim surfaceflinger_service:service_manager find;
    Eric Laurent's avatar
    DO NOT MERGE - fix truncated boot sound.  
    Eric Laurent committed
    22 
    allow bootanim audioserver_service:service_manager find;
    Jeff Vander Stoep's avatar
    bootanim: Remove domain_deprecated  
    Jeff Vander Stoep committed
    23 24 25 
    
# Allow access to ion memory allocation device
allow bootanim ion_device:chr_file rw_file_perms;
    Chia-I Wu's avatar
    Add sepolicy for gralloc-alloc HAL  
    Chia-I Wu committed
    26 
    allow bootanim hal_graphics_allocator:fd use;
    Jeff Vander Stoep's avatar
    bootanim: Remove domain_deprecated  
    Jeff Vander Stoep committed
    27
    Chia-I Wu's avatar
    Add sepolicy for hwcomposer HAL  
    Chia-I Wu committed
    28 29 30 
    # Fences
allow bootanim hal_graphics_composer:fd use;
    Jeff Vander Stoep's avatar
    bootanim: Remove domain_deprecated  
    Jeff Vander Stoep committed
    31 32 
    # Read access to pseudo filesystems.
r_dir_file(bootanim, proc)
    Nick Kralevich's avatar
    bootanim: allow /proc/meminfo read  
    Nick Kralevich committed
    33 
    allow bootanim proc_meminfo:file r_file_perms;
    Jeff Vander Stoep's avatar
    bootanim: Remove domain_deprecated  
    Jeff Vander Stoep committed
    34 35 36 37 38 
    r_dir_file(bootanim, sysfs)
r_dir_file(bootanim, cgroup)

# System file accesses.
allow bootanim system_file:dir r_dir_perms;