Temporarily whitelisting system domains writing vendor props

system properties must not be used as a communication channel in between
system and vendor processes. However, there has been no enforcement on
this: system process could write system properties that are owned and
read by vendor processes and vice versa. Such communication should be
done over hwbinder and should be formally specified in HIDL.

Until we finish migrating the existing use cases of sysprops to HIDL,
whitelisting them in system_writes_vendor_properties_violators so that
the violators are clearly tracked.

These violators are allowed only for P, but not for Q.

Bug: 78598545
Test: m -j selinux_policy when choosecombo'ed to aosp_arm64
Merged-In: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
Change-Id: I8f66aa20bb2d926cf517d40c93f4300c4d16b04b
(cherry picked from commit bb1432b61b)

target/board/generic/sepolicy/bootanim.te

@@ -5,4 +5,5 @@ dontaudit bootanim system_data_file:dir read;
 
 allow bootanim graphics_device:chr_file { read ioctl open };
 
+typeattribute bootanim system_writes_vendor_properties_violators;
 set_prop(bootanim, qemu_prop)

target/board/generic/sepolicy/surfaceflinger.te

@@ -1,4 +1,5 @@
 allow surfaceflinger self:process execmem;
 allow surfaceflinger ashmem_device:chr_file execute;
 
+typeattribute surfaceflinger system_writes_vendor_properties_violators;
 set_prop(surfaceflinger, qemu_prop)

target/board/generic/sepolicy/zygote.te

@@ -1,3 +1,4 @@
+typeattribute zygote system_writes_vendor_properties_violators;
 set_prop(zygote, qemu_prop)
 # TODO (b/63631799) fix this access
 # Suppress denials to storage. Webview zygote should not be accessing.