sdm660-common: sepolicy: Address camera denials

Change-Id: I052adadca396fb104af49daec1d83047d0809416

sepolicy/vendor/hal_camera_default.te

@@ -4,3 +4,4 @@ binder_call(hal_camera_default, hal_graphics_allocator_default)
 allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find;
 allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:file { getattr open read };
+set_prop(hal_camera_default, vendor_camera_prop)

sepolicy/vendor/property_contexts

@@ -1,5 +1,3 @@
-persist.camera.                     u:object_r:camera_prop:s0
-persist.vendor.camera.              u:object_r:camera_prop:s0
 sys.fp.goodix	u:object_r:hal_fingerprint_prop:s0
 sys.fp.vendor   u:object_r:hal_fingerprint_prop:s0
 persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0
@@ -11,6 +9,14 @@ persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
 persist.sys.thermal.  u:object_r:thermal_engine_prop:s0
 sys.thermal.          u:object_r:thermal_engine_prop:s0
 
+# Camera
+camera.                             u:object_r:camera_prop:s0
+cameradaemon.SaveMemAtBoot          u:object_r:camera_prop:s0
+cpp.set.clock                       u:object_r:camera_prop:s0
+disable.cpp.power.collapse          u:object_r:camera_prop:s0
+persist.camera.                     u:object_r:camera_prop:s0
+persist.vendor.camera.              u:object_r:vendor_camera_prop:s0
+
 # Fingerprint
 gf.debug.dump_data                  u:object_r:vendor_fp_prop:s0
 persist.sys.fp.                     u:object_r:vendor_fp_prop:s0

sepolicy/vendor/vendor_init.te

@@ -11,3 +11,5 @@ allow vendor_init persist_debug_prop:property_service set;
 allow vendor_init persist_dpm_prop:property_service set;
 allow vendor_init qcom_ims_prop:property_service set;
 allow vendor_init rootfs:lnk_file setattr;
+set_prop(vendor_init, camera_prop)
+set_prop(vendor_init, vendor_camera_prop)