Label GCA-Eng app

- Add policies for GCA-Eng to access GXP device.
 - Allow GCA-Eng to access edgetpu service.

Test: Build selinux and test GCA-Eng on device with
      adb shell setprop camera.artemis_dsp TRUE

Bug: 230773733
Change-Id: I8d04f6e1aef0899b3862ddbb80174cd086156d92

edgetpu/debug_camera_app.te

@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+	# Allows GCA-Eng to find and access the EdgeTPU.
+	allow debug_camera_app edgetpu_app_service:service_manager find;
+	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+')

whitechapel_pro/certs/camera_eng.x509.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
+NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
+UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
+TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
+rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
+TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
+pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
+DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
+ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
+rscXTxYEf4Tqovc=
+-----END CERTIFICATE-----

whitechapel_pro/debug_camera_app.te

@@ -0,0 +1,18 @@
+type debug_camera_app, domain, coredomain;
+
+userdebug_or_eng(`
+	app_domain(debug_camera_app)
+
+	allow debug_camera_app app_api_service:service_manager find;
+	allow debug_camera_app audioserver_service:service_manager find;
+	allow debug_camera_app cameraserver_service:service_manager find;
+	allow debug_camera_app mediaextractor_service:service_manager find;
+	allow debug_camera_app mediametrics_service:service_manager find;
+	allow debug_camera_app mediaserver_service:service_manager find;
+
+	# Allows camera app to access the GXP device.
+	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+
+	# Allows camera app to search for GXP firmware file.
+	allow debug_camera_app vendor_fw_file:dir search;
+')

whitechapel_pro/keys.conf

@@ -9,3 +9,6 @@ ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
 
 [@EUICCSUPPORTPIXEL]
 ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
+
+[@CAMERAENG]
+ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/camera_eng.x509.pem

whitechapel_pro/mac_permissions.xml

@@ -33,4 +33,7 @@
     <signer signature="@EUICCSUPPORTPIXEL" >
         <seinfo value="EuiccSupportPixel" />
     </signer>
+    <signer signature="@CAMERAENG" >
+      <seinfo value="CameraEng" />
+    </signer>
 </policy>

whitechapel_pro/seapp_contexts

@@ -57,6 +57,9 @@ user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detecto
 # Google Camera
 user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
 
+# Google Camera Eng
+user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
+
 # Domain for CatEngineService
 user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all