Merge "Temporarily whitelisting system domains writing vendor props" into pi-dev

target/board/generic/sepolicy/bootanim.te

@@ -5,4 +5,5 @@ dontaudit bootanim system_data_file:dir read;
 
 allow bootanim graphics_device:chr_file { read ioctl open };
 
+typeattribute bootanim system_writes_vendor_properties_violators;
 set_prop(bootanim, qemu_prop)

target/board/generic/sepolicy/surfaceflinger.te

@@ -1,4 +1,5 @@
 allow surfaceflinger self:process execmem;
 allow surfaceflinger ashmem_device:chr_file execute;
 
+typeattribute surfaceflinger system_writes_vendor_properties_violators;
 set_prop(surfaceflinger, qemu_prop)

target/board/generic/sepolicy/zygote.te

@@ -1,3 +1,4 @@
+typeattribute zygote system_writes_vendor_properties_violators;
 set_prop(zygote, qemu_prop)
 # TODO (b/63631799) fix this access
 # Suppress denials to storage. Webview zygote should not be accessing.