Start tracking vendor seapp coredomain violations

As part of Treble, enforce that vendor's seapp_contexts can't label apps
using coredomains. Apps installed to system/system_ext/product should be
labeled with platform side sepolicy.

This change marks violating domains that need to be fixed.

Bug: 296512193
Test: build oriole and see build log
Change-Id: I7d5b91014362a64f3d66b3913d4d1bc773d922c8

ambient/exo_app.te

@@ -1,5 +1,8 @@
 type exo_app, coredomain, domain;
 
+# TODO(b/296512193): move exo_app out of vendor sepolicy
+typeattribute exo_app vendor_seapp_assigns_coredomain_violators;
+
 app_domain(exo_app)
 net_domain(exo_app)
 

whitechapel/vendor/google/con_monitor.te

@@ -1,6 +1,9 @@
 # ConnectivityMonitor app
 type con_monitor_app, domain, coredomain;
 
+# TODO(b/296512193): move con_monitor_app out of vendor sepolicy
+typeattribute con_monitor_app vendor_seapp_assigns_coredomain_violators;
+
 app_domain(con_monitor_app)
 
 set_prop(con_monitor_app, radio_prop)

whitechapel/vendor/google/hbmsvmanager_app.te

@@ -1,5 +1,8 @@
 type hbmsvmanager_app, domain, coredomain;
 
+# TODO(b/296512193): move hbmsvmanager_app out of vendor sepolicy
+typeattribute hbmsvmanager_app vendor_seapp_assigns_coredomain_violators;
+
 app_domain(hbmsvmanager_app);
 
 allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms;