Allow surfaceflinger to make binder call to bootanim When SurfaceFlinger -- or any BufferQueue consumer -- releases a buffer, the BufferQueue calls back into the producer side in case the producer cares. This results in a notification from surfaceflinger to bootanim. This callback started in d1c103655533321b5c74fbefff656838a8196153. Addresses the following denial: 6.164348 type=1400 audit(1397612702.010:5): avc: denied { call } for pid=128 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:bootanim:s0 tclass=binder Change-Id: I6f2d62a3ed81fde45150d2ae3ff05822bfda33fe

commit: fd352f11e0bf2bc150166e9a7c1b9c5e197055ca [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Apr 16 16:31:23 2014 -0700
committer: Nick Kralevich <nnk@google.com> Wed Apr 16 16:31:23 2014 -0700
tree: 22c4c2ab9ec3fe664045798b3f4c49196cf5cc01
parent: d434d601f75f2ce6cd1aba45ee2993c9f3336142 [diff]
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 20fef95..1fc18db 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te

@@ -13,6 +13,7 @@
 binder_use(surfaceflinger)
 binder_call(surfaceflinger, binderservicedomain)
 binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
 binder_service(surfaceflinger)
 
 # Binder IPC to bu, presently runs in adbd domain.
commit	fd352f11e0bf2bc150166e9a7c1b9c5e197055ca	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Apr 16 16:31:23 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Wed Apr 16 16:31:23 2014 -0700
tree	22c4c2ab9ec3fe664045798b3f4c49196cf5cc01
parent	d434d601f75f2ce6cd1aba45ee2993c9f3336142 [diff]