Fix too-broad allows granted to domain

These are wrongly added to microdroid policy while bring up. The
permissions should be restricted to select domains.

Bug: 248478536
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: I9cd94728e84dfd4d69e1bc8e979d204d9d9afbd1

microdroid/system/private/domain.te

@@ -217,9 +217,6 @@ allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
-allow domain self:global_capability_class_set audit_control;
-allow domain self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
-
 # globally readable properties
 get_prop(domain, arm64_memtag_prop)
 get_prop(domain, bootloader_prop)

microdroid/system/private/init.te

@@ -435,3 +435,5 @@ use_bootstrap_libs(init)
 allow init fuse:dir { search getattr };
 
 set_prop(init, property_type)
+
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };