From f98da66ec044389ed89bc74be2e76b16f691a361 Mon Sep 17 00:00:00 2001
From: Ed Coyne <edcoyne@google.com>
Date: Tue, 15 Aug 2017 16:22:19 -0700
Subject: [PATCH] DO NOT MERGE: Allow sepolicies granting bootanim exec on
 /oem.

This is a backport of
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/458738/

since domain.te moved from ./domain.te to ./public/domain.te a straight
patch won't work.

(cherry picked from commit I6462bf510562eb3fb06304e50b68fba05d37b285)

Bug: 37992717
Test: Tested with IoT sepolicies in effect and bootanim can exec.
Change-Id: I387243d1d35a1240bbb64561e3a72f150c1f2a2c
---
 domain.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/domain.te b/domain.te
index a853b3a3d..b33ae642f 100644
--- a/domain.te
+++ b/domain.te
@@ -284,6 +284,7 @@ neverallow {
 neverallow {
     domain
     -appdomain # for oemfs
+    -bootanim # for oemfs
     -recovery # for /tmp/update_binary in tmpfs
 } { fs_type -rootfs }:file execute;
 # Files from cache should never be executed
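Review bot: The added `-bootanim # for oemfs` line exempts bootanim from the entire `{ fs_type -rootfs }:file execute` neverallow, which is wider than the oemfs case the comment and subject describe. With this subtraction in place, a later allow rule granting bootanim execute on any other non-rootfs filesystem type would no longer be caught by this assertion. Consider pairing the exemption with a narrower assertion that keeps the restriction for everything except the OEM partition, for example `neverallow bootanim { fs_type -rootfs -oemfs }:file execute;`, and expanding the comment to say why bootanim needs to execute files from /oem. The Test line only covers the positive case (bootanim can exec); it would help to also confirm that a policy granting bootanim execute on a different fs_type still fails the neverallow check at build time.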
-- 
GitLab