SELinux changes for AppFuse

We are moving AppFuse mount from system_server's mount namespace to
vold. Hence, we could reduce the SELinux permissions given to
system_server, in the expense of adding allow rules to vold and
letting appdomain have access to vold's fd.

Bug: 110379912
Test: testOpenProxyFileDescriptor passes (after vold and
system_server code changes)

Change-Id: I4731a8ec846c5cb84ec4b680d51938494e8ddd75

private/system_server.te

@@ -740,8 +740,7 @@ userdebug_or_eng(`
 # For AppFuse.
 allow system_server vold:fd use;
 allow system_server fuse_device:chr_file { read write ioctl getattr };
-allow system_server app_fuse_file:dir rw_dir_perms;
-allow system_server app_fuse_file:file { read write open getattr append };
+allow system_server app_fuse_file:file { read write getattr };
 
 # For configuring sdcardfs
 allow system_server configfs:dir { create_dir_perms };

public/app.te

@@ -55,6 +55,9 @@ allow appdomain system_server:fifo_file rw_file_perms;
 allow appdomain system_server:unix_stream_socket { read write setopt getattr getopt shutdown };
 allow appdomain system_server:tcp_socket { read write getattr getopt shutdown };
 
+# For AppFuse.
+allow appdomain vold:fd use;
+
 # Communication with other apps via fifos
 allow appdomain appdomain:fifo_file rw_file_perms;
 

public/vold.te

@@ -223,6 +223,8 @@ allow vold fuse_device:chr_file rw_file_perms;
 allow vold fuse:filesystem { relabelfrom };
 allow vold app_fusefs:filesystem { relabelfrom relabelto };
 allow vold app_fusefs:filesystem { mount unmount };
+allow vold app_fuse_file:dir rw_dir_perms;
+allow vold app_fuse_file:file { read write open getattr append };
 
 # MoveTask.cpp executes cp and rm
 allow vold toolbox_exec:file rx_file_perms;