sdm660-common: sepolicy: Address more denials

sepolicy/vendor/gmscore_app.te

@@ -0,0 +1,3 @@
+allow gmscore_app blkio_dev:dir search;
+allow gmscore_app bt_firmware_file:filesystem getattr;
+allow gmscore_app firmware_file:filesystem getattr;

sepolicy/vendor/hal_camera_default.te

@@ -5,6 +5,7 @@ allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:dir search;
 allow hal_camera_default sysfs_kgsl:file r_file_perms;
 allow hal_camera_default vendor_video_prop:file r_file_perms;
+allow hal_camera_default vendor_default_prop:property_service set;
 
 binder_call(hal_camera_default, hal_configstore_default)
 binder_call(hal_camera_default, hal_graphics_allocator_default)

sepolicy/vendor/platform_app.te

@@ -1 +1,2 @@
+allow platform_app blkio_dev:dir search;
 allow platform_app sysfs_kgsl:dir search;

sepolicy/vendor/priv_app.te

@@ -0,0 +1 @@
+allow priv_app blkio_dev:dir search;

sepolicy/vendor/property_contexts

@@ -46,4 +46,5 @@ persist.sys.thermal.                    u:object_r:thermal_engine_prop:s0
 sys.thermal.                            u:object_r:thermal_engine_prop:s0
 
 # vendor_default_prop
+vendor.camera.cpuperf.en                u:object_r:vendor_default_prop:s0
 vendor.display.lcd_density              u:object_r:vendor_default_prop:s0

sepolicy/vendor/system_server.te

@@ -1,3 +1,4 @@
+allow system_server app_zygote:process getpgid;
 allow system_server blkio_dev:dir search;
 allow system_server default_android_service:service_manager add;
 allow system_server exported_camera_prop:file read;