diff --git a/public/domain.te b/public/domain.te
index d705cd7e45280da1fb16095a7f51040a2f36001d..20dba3d842706b4591928f74668b8aa7f6a30669 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -368,6 +368,7 @@ neverallow {
 neverallow {
     domain
     -appdomain # for oemfs
+    -bootanim # for oemfs
     -recovery # for /tmp/update_binary in tmpfs
 } { fs_type -rootfs }:file execute;
 # Files from cache should never be executed