support kernel writes to external SDcards

The kernel, when it creates a loop block device, starts a new
kernel thread "loop0" (drivers/block/loop.c). This kernel thread,
which performs writes on behalf of other processes, needs read/write
privileges to the sdcard. Allow it.

Steps to reproduce:
0) Get device with external, removable sdcard
1) Run: "adb install -s foo.apk"

Expected:

  APK installs successfully.

Actual:

  APK fails to install. Error message:

    Vold  E  Failed to write superblock (I/O error)
    loop0  W  type=1400 audit(0.0:3123): avc: denied { read } for path="/mnt/secure/asec/smdl1645334795.tmp.asec" dev="mmcblk1p1" ino=528 scontext=u:r:kernel:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
    PackageHelper  E  Failed to create secure container smdl1645334795.tmp
    DefContainer  E  Failed to create container smdl1645334795.tmp

Bug: 17158723

(cherry picked from commit 4c6b13508d)

Change-Id: Iea727ac7958fc31d85a037ac79badbe9c85693bd

kernel.te

@@ -34,8 +34,9 @@ dontaudit kernel self:security setenforce;
 # Set checkreqprot by init.rc prior to switching to init domain.
 allow kernel self:security setcheckreqprot;
 
-# MTP sync
-allow kernel fuse:file { read write };
+# MTP sync (b/15835289)
+# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
+allow kernel sdcard_type:file { read write };
 
 ###
 ### neverallow rules