reduce duplicate SELinux rules

When using domain_trans(init, foo_exec, foo), don't add the
following rule:

  allow foo init:process sigchld;

This is already allowed for all domains in domain.te:

  # Allow reaping by init.
  allow domain init:process sigchld;

So adding it over and over again is redundant and bloats the
policy. More specifically, when I run:

  sepolicy-analyze out/target/product/bullhead/root/sepolicy dups

this change reduces the number of duplicate policy statements
from 461 to 389.

Change-Id: I8632e5649a54f63eb1f79ea6405c4b3f515f544c

system_server.te

@@ -111,9 +111,6 @@ allow system_server node:rawip_socket node_bind;
 # 3rd party VPN clients require a tun_socket to be created
 allow system_server self:tun_socket create_socket_perms;
 
-# Notify init of death.
-allow system_server init:process sigchld;
-
 # Talk to init and various daemons via sockets.
 unix_socket_connect(system_server, installd, installd)
 unix_socket_connect(system_server, lmkd, lmkd)

te_macros

@@ -13,7 +13,7 @@ allow $1 $3:process transition;
 # New domain is entered by executing the file.
 allow $3 $2:file { entrypoint open read execute getattr };
 # New domain can send SIGCHLD to its caller.
-allow $3 $1:process sigchld;
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
 # Enable AT_SECURE, i.e. libc secure mode.
 dontaudit $1 $3:process noatsecure;
 # XXX dontaudit candidate but requires further study.

ueventd.te

@@ -8,7 +8,6 @@ tmpfs_domain(ueventd)
 type_transition ueventd device:chr_file klog_device "__kmsg__";
 allow ueventd klog_device:chr_file { create open write unlink };
 
-allow ueventd init:process sigchld;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;