Re-introduce camera_device type

(cherry-picked from commit cc8a09f5ce)

camera_device was previously removed in AOSP commit: b7aace2d
"camera_device: remove type and add typealias" because the
same domains required access to both without exception, meaning
there was no benefit to distinguishing between the two. However,
with the split up of mediaserver this is no longer the case and
distinguishing between the camera and video provides a legitimate
security benefit. For example, the mediacodec domain requires access
to the video_device for access to hardware accelerated codecs but does
not require access to the camera.

Bug: 28359909
Change-Id: I8a4592722d8e6391c0e91b440914284b7245e232
Jeff Vander Stoep 2016-04-23 16:34:03 -07:00
parent aeeeab290f
commit 68339ac337
2 changed files with 4 additions and 2 deletions

app.te

@ -251,11 +251,12 @@ neverallow appdomain dev_type:blk_file { read write };
# Access to any of the following character devices.
neverallow appdomain {
audio_device
video_device
camera_device
dm_device
radio_device
gps_device
radio_device
rpmsg_device
video_device
}:chr_file { read write };
# Note: Try expanding list of app domains in the future.
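Review bot: in the neverallow appdomain { ... }:chr_file list, radio_device and video_device each show up at two positions, so this hunk re-sorts the list alphabetically in addition to adding camera_device, while the commit message only mentions the new type. Mention the re-sort in the message, or split it into its own change, so that someone auditing this neverallow can see that camera_device is the only entry whose coverage changes. A short comment next to the list would also help: per the commit message the camera nodes were covered here only through video_device while the two were one type, so camera_device has to stay listed alongside video_device for apps to remain denied read/write on them.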


@ -6,6 +6,7 @@ type ashmem_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
type block_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type;
type loop_device, dev_type;
type pmsg_device, dev_type, mlstrustedobject;
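Review bot: the line type camera_device, dev_type; declares the type again, but the commit message says the earlier change replaced the type with a typealias, and no alias removal is visible in this hunk. Please confirm the alias is already gone on this branch, since a type and an alias with the same name cannot coexist in the policy. The declaration by itself also labels nothing: the two hunks shown contain only the neverallow list and this declaration, so the message should say which follow-up change relabels the camera device nodes and grants camera_device to the domains that need it, otherwise the separation from video_device described in the message is not yet in effect.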