Switch qemud to permissive_or_unconfined().

Switch the qemud domain from unconfined_domain() to
permissive_or_unconfined() so that we can start collecting and
addressing denials in -userdebug/-eng builds.

Also allow access to the serial device.

Change-Id: I9c7a6ddc8c2e64bfc6c5bb896eed1729ab205d60
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

target/board/generic/sepolicy/qemud.te

@@ -3,4 +3,7 @@ type qemud, domain;
 type qemud_exec, exec_type, file_type;
 
 init_daemon_domain(qemud)
-unconfined_domain(qemud)
+permissive_or_unconfined(qemud)
+
+# Access /dev/ttyS1.
+allow qemud serial_device:chr_file rw_file_perms;