author Ryan Savitski <rsavitski@google.com> 2019-05-20 11:48:18 +0100
committer Ryan Savitski <rsavitski@google.com> 2019-05-20 20:25:01 +0100
commit c980fb1369687d665ae9b9d9dea5a2c338706df6
tree 39006299bc93dc9b472c65eb44d1fd5cdbdef600
parent 956eefd7af0660450351266c41ec60d7fddadf49
Allow camera to notify traced of a notable event (marlin/sailfish)

Most apps already have the permission to act as full producers (isolated_app, ephemeral_app, priv_app, untrusted_app_all), but the camera doesn't inherit that as it runs in its own domain.

Granting only the socket (i.e. ipc) permission, as:
* only that is needed at the moment.
* granting the shmem/fd permissions would require a broader change, as traced_tmpfs is declared in private/.

Specific denial:
05-20 13:56:20.303 7751 7751 W trigger_perfett: type=1400 audit(0.0:19): avc: denied { write } for name="traced_producer" dev="tmpfs" ino=7061 scontext=u:r:google_camera_app:s0:c181,c256,c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=0 app=com.google.android.GoogleCamera

Bug: 130543265
Tested: extrapolating from the same fix on crosshatch, tested manually on blueline-userdebug.
Merged-In: Ie34f60051b33eb6e4d4e95d96988e4223e7dc0d4
Change-Id: Ie34f60051b33eb6e4d4e95d96988e4223e7dc0d4
(cherry picked from commit ef1060c885767ccd2b71e17eaf7c32f907537d15)

-rw-r--r-- sepolicy/google_camera_app.te 3
1 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/google_camera_app.te b/sepolicy/google_camera_app.te
index c5c417ac..3689ce8c 100644
--- a/sepolicy/google_camera_app.te
+++ b/sepolicy/google_camera_app.te
@@ -46,3 +46,6 @@ allow google_camera_app system_app_data_file:file { read write getattr };
# /vendor for the application. The policy build MUST also catch the violations
typeattribute google_camera_app system_executes_vendor_violators;
r_dir_file(google_camera_app, vendor_file)
+
+# Allow notifying Perfetto traced daemon that a notable event has occurred.
+unix_socket_connect(google_camera_app, traced_producer, traced)
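Review bot: The comment above the new unix_socket_connect(google_camera_app, traced_producer, traced) line does not record that the grant is deliberately limited to the socket connection. The commit message explains that the shmem/fd permissions are left out because traced_tmpfs is declared in private/, but that reasoning is lost once the rule is read in the .te file on its own. Suggest extending the comment to say that only IPC to the producer socket is allowed and that google_camera_app is not a full producer, with a reference to bug 130543265, so a later change does not widen the rule without revisiting that decision. The Tested: line also says the fix was extrapolated from crosshatch and checked on blueline-userdebug, so it would be worth confirming on a marlin/sailfish build that the denial quoted in the message no longer appears.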