whitelist getrandom for arc4random usage

arc4random is called by the linker for dlopen to randomize the library
load order, among other uses. It's becoming more widely used over time.
It calls getentropy at regular intervals to reseed itself, which uses
the getrandom system call. This wasn't noticed because it reseeds only
very rarely with typical usage in Android.

This was quickly noticed on CopperheadOS where the hardened allocator
based on OpenBSD malloc uses at least one (often more) byte of entropy
from arc4random for each call to malloc, free, realloc, etc. It's still
needed *eventually* without the hardened allocator but it would take a
lot of plugin loading / unloading, etc. with dlopen / dlclose to hit it
at the moment.

Change-Id: I0a448e833916373871edfc68274ac31e314d54f7

services/mediacodec/seccomp_policy/mediacodec-arm.policy

@@ -52,6 +52,7 @@ sched_setscheduler: 1
 fstatat64: 1
 ugetrlimit: 1
 getdents64: 1
+getrandom: 1
 
 # for attaching to debuggerd on process crash
 sigaction: 1

services/mediaextractor/seccomp_policy/mediaextractor-arm.policy

@@ -39,6 +39,7 @@ getgid32: 1
 getegid32: 1
 getgroups32: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1

services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy

@@ -28,6 +28,7 @@ exit_group: 1
 rt_sigreturn: 1
 getrlimit: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1

services/mediaextractor/seccomp_policy/mediaextractor-x86.policy

@@ -37,6 +37,7 @@ getgid32: 1
 getegid32: 1
 getgroups32: 1
 nanosleep: 1
+getrandom: 1
 
 # for FileSource
 readlinkat: 1