From f98da66ec044389ed89bc74be2e76b16f691a361 Mon Sep 17 00:00:00 2001 From: Ed Coyne <edcoyne@google.com> Date: Tue, 15 Aug 2017 16:22:19 -0700 Subject: [PATCH] DO NOT MERGE: Allow sepolicies granting bootanim exec on /oem. This is a backport of https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/458738/ since domain.te moved from ./domain.te to ./public/domain.te a straight patch won't work. (cherry picked from commit I6462bf510562eb3fb06304e50b68fba05d37b285) Bug: 37992717 Test: Tested with Iot sepolicies in effect and bootanim can exec. Change-Id: I387243d1d35a1240bbb64561e3a72f150c1f2a2c --- domain.te | 1 + 1 file changed, 1 insertion(+) diff --git a/domain.te b/domain.te index a853b3a3d..b33ae642f 100644 --- a/domain.te +++ b/domain.te @@ -284,6 +284,7 @@ neverallow { neverallow { domain -appdomain # for oemfs + -bootanim # for oemfs -recovery # for /tmp/update_binary in tmpfs } { fs_type -rootfs }:file execute; # Files from cache should never be executed -- GitLab