Add SEPolicy for vendor_camera_isp_service

Allows the Camera HAL to start a new ISP Service.

avc message:
07-31 17:08:46.990   536   536 E SELinux : avc:  denied  { add } for
pid=8308 uid=1000 name=com.google.pixel.camera.isp.IIspService/default
scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=0

Bug: 293447476
Test: verify no avc errors and ISP Service starts
Test: atest liblyric.services_isp_service_test
Change-Id: Icbd07820d3323c09868d0249c1ef9d7f2952751e

camera/sepolicy/hal_camera_default.te

@@ -7,3 +7,6 @@ allow hal_camera_default hal_pixel_remote_camera_service:service_manager find;
 binder_call(hal_camera_default, vendor_pbcs_app);
 
 binder_call(hal_camera_default, vendor_pcs_app);
+
+# Allow Lyric HAL to start ISP Service
+add_service(hal_camera_default, vendor_camera_isp_service)

camera/sepolicy/service.te

@@ -3,3 +3,5 @@ type vendor_camera_binder_service, hal_service_type, protected_service, service_
 type hal_pixel_remote_camera_service, hal_service_type, protected_service, service_manager_type;
 
 type vendor_camera_lyricconfigprovider_service, hal_service_type, protected_service, service_manager_type;
+
+type vendor_camera_isp_service, hal_service_type, protected_service, service_manager_type;

camera/sepolicy/service_contexts

@@ -3,3 +3,6 @@ com.google.pixel.camera.services.binder.IServiceBinder/default u:object_r:vendor
 com.google.pixel.camera.connectivity.hal.provider.ICameraProvider/default u:object_r:hal_pixel_remote_camera_service:s0
 
 com.google.pixel.camera.services.lyricconfigprovider.ILyricConfigProvider/default u:object_r:vendor_camera_lyricconfigprovider_service:s0
+
+com.google.pixel.camera.isp.IIspService/default u:object_r:vendor_camera_isp_service:s0
+