From fd352f11e0bf2bc150166e9a7c1b9c5e197055ca Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 16 Apr 2014 16:31:23 -0700
Subject: [PATCH] Allow surfaceflinger to make binder call to bootanim

When SurfaceFlinger -- or any BufferQueue consumer -- releases a buffer, the
BufferQueue calls back into the producer side in case the producer cares.
This results in a notification from surfaceflinger to bootanim.

This callback started in d1c103655533321b5c74fbefff656838a8196153.

Addresses the following denial:

6.164348   type=1400 audit(1397612702.010:5): avc:  denied  { call } for  pid=128 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:bootanim:s0 tclass=binder

Change-Id: I6f2d62a3ed81fde45150d2ae3ff05822bfda33fe
---
 surfaceflinger.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/surfaceflinger.te b/surfaceflinger.te
index 20fef957d..1fc18dbf2 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -13,6 +13,7 @@ unix_socket_connect(surfaceflinger, property, init)
 binder_use(surfaceflinger)
 binder_call(surfaceflinger, binderservicedomain)
 binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
 binder_service(surfaceflinger)
 
 # Binder IPC to bu, presently runs in adbd domain.
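Review bot: the added binder_call(surfaceflinger, bootanim) line carries no comment saying why surfaceflinger needs to reach bootanim, while the next rule in the same file is commented ("# Binder IPC to bu, presently runs in adbd domain."). A one-line comment above the new rule, for example "# BufferQueue buffer-release callback to the producer (bootanim)", would keep the reason in the policy file rather than only in the commit message, which matters when someone later audits which domains surfaceflinger may call. The quoted denial covers only { call } on tclass=binder, so it is also worth confirming in review that the binder_call macro grants nothing beyond what this one-way callback needs.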
-- 
GitLab