diff --git a/public/domain.te b/public/domain.te
index 5b1f1a889f471dc108bdd9890a70bfc0200e8290..95b18c92ba79b7588ffe89f5159dd75186f6a1cb 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -366,6 +366,7 @@ neverallow {
 neverallow {
     domain
     -appdomain # for oemfs
+    -bootanim # for oemfs
     -recovery # for /tmp/update_binary in tmpfs
 } { fs_type -rootfs }:file execute;
 # Files from cache should never be executed