Add betterbug folder to gs-common

Better Bug was previously labeled as priv_app, here we kept the same 'type=privapp_data_file levelFrom=user'

Copied some Better Bug used rules from system/sepolicy/private/priv_app.te.
(https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:system/sepolicy/private/priv_app.te;l=1?q=priv_app.te)

Test: local test
Bug: 322543833
Change-Id: Ia029e855dd46e65b9eec31835ccaabb3cb903058

betterbug/betterbug.mk

@@ -0,0 +1,5 @@
+PRODUCT_PACKAGES += BetterBugStub
+PRODUCT_PACKAGES_DEBUG += BetterBug
+
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs-common/betterbug/sepolicy/product/private

betterbug/sepolicy/product/private/better_bug_app.te

@@ -0,0 +1,47 @@
+typeattribute better_bug_app coredomain;
+
+app_domain(better_bug_app)
+net_domain(better_bug_app)
+
+allow better_bug_app app_api_service:service_manager find;
+allow better_bug_app mediaserver_service:service_manager find;
+allow better_bug_app radio_service:service_manager find;
+allow better_bug_app system_api_service:service_manager find;
+
+allow better_bug_app privapp_data_file:file execute;
+allow better_bug_app privapp_data_file:lnk_file r_file_perms;
+allow better_bug_app shell_data_file:file r_file_perms;
+allow better_bug_app shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow better_bug_app trace_data_file:file { getattr read };
+
+# Allow betterbug to read profile reports generated by profcollect.
+userdebug_or_eng(`
+  allow better_bug_app profcollectd_data_file:file r_file_perms;
+')
+
+# Allow BetterBug access to WM traces attributes
+allow better_bug_app wm_trace_data_file:dir r_dir_perms;
+allow better_bug_app wm_trace_data_file:file getattr;
+
+# Allow the bug reporting frontend to read the presence and timestamp of the
+# trace attached to the bugreport (but not its contents, which will go in the
+# usual bugreport .zip file). This is used by the bug reporting UI to tell if
+# the bugreport will contain a system trace or not while the bugreport is still
+# in progress.
+allow better_bug_app perfetto_traces_bugreport_data_file:dir r_dir_perms;
+allow better_bug_app perfetto_traces_bugreport_data_file:file { getattr };
+
+# Allow BetterBug to receive Perfetto traces through the framework
+# (i.e. TracingServiceProxy) and sendfile them into their private
+# directories for reporting when network and battery conditions are
+# appropriate.
+allow better_bug_app perfetto:fd use;
+allow better_bug_app perfetto_traces_data_file:file { read getattr };
+
+# Allow BetterBug to set property to start vendor.touch_dumpstate
+set_prop(better_bug_app, ctl_start_prop)
+
+# Allow BetterBug to read system boot reason
+get_prop(better_bug_app, system_boot_reason_prop)

betterbug/sepolicy/product/private/seapp_contexts

@@ -0,0 +1,2 @@
+# BetterBug
+user=_app isPrivApp=true name=com.google.android.apps.internal.betterbug domain=better_bug_app type=privapp_data_file levelFrom=user

betterbug/sepolicy/product/public/better_bug_app.te

@@ -0,0 +1 @@
+type better_bug_app, domain;