diff --git a/public/domain.te b/public/domain.te
index f5c72cc4d5806e6fdbf1bc82567a4c34972bf79f..c471a50f1d6918ed63aef32b8343924e2a4cf9be 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -369,6 +369,7 @@ neverallow {
 neverallow {
     domain
     -appdomain # for oemfs
+    -bootanim # for oemfs
     -recovery # for /tmp/update_binary in tmpfs
 } { fs_type -rootfs }:file execute;
 # Files from cache should never be executed