This one is pretty tricky, and I'm not sure it would be possible. I'll defer to see if someone else replies, but as I see it, the video comes as an independent URL from a youtube CDN as an FLV file with no referer. With no referer, I'm not sure there's a way to identify that it was in the context of Facebook, but I could be wrong. Just prior to requesting the actual video content, there's a request for crossdomain xml files, but that doesn't affect the content. Here's a quick snapshot I took using HttpFox of an embedded youtube video download and the associated headers. Notice no referer header, which is what makes it challenging to identify that within the facebook context.
While I'm not sure about the full context of that exercise in the lab your'e referencing, the purpose of that one looks different than yours. I think in that lab you're trying to deny youtube over facebook, which would be easily done in two rules, first rule to deny youtube, second rule to allow facebook. Or if facebook was already allowed by some "allow outbound" type policy, then one rule, deny youtube. This would deny the embedded videos, since a launch of the embedded video would match as app-ID 'youtube-base' and be denied by the security policy. The user would just see a spinning cursor.
The inverse, allowing embedded video rather than denying it, which is what I believe you might have been after, however, isn't necessarily the same. Since the App ID is not different when embedded vs. not embedded, I don't believe you can differentiate to control just the embedded videos. As mentioned before, the requests for embedded vs non-embedded look exactly the same, so I don't see a way to create a custom App ID for it either. 
Maybe I'm missing something?
