Add permissions required to install the DSU to a SD card

Bug: 171861574
Test: execute following command on a device with a SD card inserted
       adb shell am start-activity \
        -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
        -a android.os.image.action.START_INSTALL \
        -d file:///storage/emulated/0/Download/system.raw.gz \
        --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
        --el KEY_USERDATA_SIZE 4294967296

Change-Id: I5c1c170ade9c570c7dab7cb7aff5f099db4b3d8c

private/gsid.te

@@ -64,10 +64,11 @@ allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl {
 # When installing images to an sdcard, gsid needs to be able to stat() the
 # block device. gsid also calls realpath() to remove symlinks.
 allow gsid mnt_media_rw_file:dir r_dir_perms;
+allow gsid mnt_media_rw_stub_file:dir r_dir_perms;
 
 # When installing images to an sdcard, gsid must bypass sdcardfs and install
 # directly to vfat, which supports the FIBMAP ioctl.
-allow gsid vfat:dir rw_dir_perms;
+allow gsid vfat:dir create_dir_perms;
 allow gsid vfat:file create_file_perms;
 allow gsid sdcard_block_device:blk_file r_file_perms;
 # This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this

private/kernel.te

@@ -30,3 +30,4 @@ allow kernel random_device:chr_file relabelto;
 allow kernel snapuserd_exec:file relabelto;
 
 allow kernel kmsg_device:chr_file write;
+allow kernel gsid:fd use;