Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""

This reverts commit 231c04b2b9.

Now that b/186727553 is fixed, it should be safe to revert this revert.

Test: build
Bug: 184381659
Change-Id: If26ba23df19e9854a121bbcf10a027c738006515

private/compat/30.0/30.0.ignore.cil

@@ -138,6 +138,7 @@
     vcn_management_service
     vd_device
     vendor_kernel_modules
+    vendor_modprobe
     vibrator_manager_service
     virtualization_service
     vpn_management_service

private/domain.te

@@ -524,9 +524,12 @@ neverallow {
 
 # debugfs_kcov type is not included in this neverallow statement since the KCOV
 # tool uses it for kernel fuzzing.
+# vendor_modprobe is also exempted since the kernel modules it loads may create
+# debugfs files in its context.
 enforce_debugfs_restriction(`
   neverallow {
     domain
+    -vendor_modprobe
     userdebug_or_eng(`
       -init
       -hal_dumpstate

public/vendor_modprobe.te

@@ -0,0 +1 @@
+type vendor_modprobe, domain;

vendor/vendor_modprobe.te

@@ -1,5 +1,3 @@
-type vendor_modprobe, domain;
-
 # For the use of /vendor/bin/modprobe from vendor init.rc fragments
 domain_trans(init, vendor_toolbox_exec, vendor_modprobe)