system_server: remove old dalvik JIT rules on user/userdebug builds

On user and userdebug builds, system_server only loads executable
content from /data/dalvik_cache and /system. JITing for system_server
is only supported on eng builds. Remove the rules for user and
userdebug builds.

Going forward, the plan of record is that system_server will never
use JIT functionality, instead using dex2oat or interpreted mode.

Inspired by https://android-review.googlesource.com/98944

Change-Id: I54515acaae4792085869b89f0d21b87c66137510

system_server.te

@@ -7,10 +7,12 @@ type system_server, domain, mlstrustedsubject;
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
 
-# Dalvik Compiler JIT Mapping.
-allow system_server self:process execmem;
-allow system_server ashmem_device:chr_file execute;
-allow system_server system_server_tmpfs:file execute;
+eng(`
+  # JIT mappings
+  allow system_server self:process execmem;
+  allow system_server ashmem_device:chr_file execute;
+  allow system_server system_server_tmpfs:file execute;
+')
 
 # For art.
 allow system_server dalvikcache_data_file:file execute;

te_macros

@@ -311,6 +311,7 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
 # SELinux rules which apply only to userdebug or eng builds
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+define(`eng', ifelse(target_build_variant, `eng', $1))
 
 #####################################
 # write_logd(domain)