sm8550-common: Address some binder call denials to system_app

W com.android.settings: type=1400 audit(0.0:4743): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_fingerprint_default:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4744): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_audio_default:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4745): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4746): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:vendor_hal_gnss_qti:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4747): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4748): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_memtrack_default:s0 tclass=binder permissive=0
W com.android.settings: type=1400 audit(0.0:4749): avc:  denied  { call } for  comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:hal_power_default:s0 tclass=binder permissive=0

sepolicy/vendor/hal_audio_default.te

@@ -18,3 +18,6 @@ get_prop(hal_audio_default, vendor_radio_prop)
 allow hal_audio_default hal_bluetooth_a2dp_hwservice:hwservice_manager find;
 
 dontaudit hal_audio_default default_prop:file { read open getattr map };
+
+# Allow binder calls from audio hal to system app
+binder_call(hal_audio_default, system_app)

sepolicy/vendor/hal_camera_default.te

@@ -31,3 +31,6 @@ set_prop(hal_camera_default, sec_camera_prop)
 allow hal_camera_default system_server:binder call;
 
 allow hal_camera_default rild:unix_stream_socket connectto;
+
+# Allow binder calls from camera hal to system app
+binder_call(hal_camera_default, system_app)

sepolicy/vendor/hal_fingerprint_default.te

@@ -22,3 +22,6 @@ allow hal_fingerprint_default vendor_biometrics_data_file:file create_file_perms
 
 # Allow fingerprint HAL to search vendor_sysfs_battery files
 allow hal_fingerprint_default vendor_sysfs_battery:dir search;
+
+# Allow binder calls from fp hal to system app
+binder_call(hal_fingerprint_default, system_app)

sepolicy/vendor/hal_health_default.te

@@ -11,3 +11,6 @@ allow hal_health_default hal_thermal_samsung_hwservice:hwservice_manager find;
 binder_call(hal_health_default, hal_thermal_default)
 
 allow hal_health_default sysfs:file { getattr open read };
+
+# Allow binder calls from health hal to system app 
+binder_call(hal_health_default, system_app)

sepolicy/vendor/hal_memtrack_default.te

@@ -0,0 +1,2 @@
+# Allow binder calls from memtrack hal to system app
+binder_call(hal_memtrack_default, system_app)

sepolicy/vendor/hal_power_default.te

@@ -15,3 +15,6 @@ allow hal_power_default vendor_sysfs_touchscreen_writable:file rw_file_perms;
 # Allow power HAL to to read/write vendor_sysfs_battery
 allow hal_power_default vendor_sysfs_battery:dir r_dir_perms;
 allow hal_power_default vendor_sysfs_battery:file rw_file_perms;
+
+# Allow binder calls from power hal to system app 
+binder_call(hal_power_default, system_app)

sepolicy/vendor/vendor_hal_gnss_qti.te

@@ -5,3 +5,6 @@ allow vendor_hal_gnss_qti vendor_sysfs_battery:dir r_dir_perms;
 allow vendor_hal_gnss_qti hal_gnss_service:service_manager add;
 
 dontaudit vendor_hal_gnss_qti { default_prop system_prop }:file { read open getattr map };
+
+# Allow binder calls from gnss hal to system app
+binder_call(vendor_hal_gnss_qti, system_app)