Ignore the denial when system_other is erased

This CL addresses the following denial, when the system_other
partition is erased. This happens when 1) the device gets an
OTA update and 2) factory reset to wipe userdata partition.

Note that the system_other partition will be mounted under
/postinstall only in the first boot after factory reset.
Also, system_other.img is only included in the factory ROM and
is absent in the OTA package. When it is absent and userdata
is wiped, the mount will fail and triggers the following denials
when both cppreopts.sh and preloads_copy.sh access /postinstall dir.

SELinux denials to address:
  avc: denied { search } for comm="find" name="postinstall" dev="dm-5"
  ino=44 scontext=u:r:preloads_copy:s0
  tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0

  avc: denied { search } for comm="cppreopts.sh" name="postinstall" dev="dm-5"
  ino=44 scontext=u:r:cppreopts:s0
  tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0

Bug: 152453231
Test: fastboot erase system_other (e.g., system_b) and fastboot -w
Change-Id: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
Merged-In: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
(cherry picked from commit 35c2f102f2)

private/cppreopts.te

@@ -25,3 +25,7 @@ allow cppreopts system_file:dir { open read };
 # Allow running the cp command using cppreopts permissions. Needed so we can
 # write into dalvik-cache
 allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;

private/preloads_copy.te

@@ -12,3 +12,7 @@ allow preloads_copy preloads_media_file:file create_file_perms;
 
 # Allow to copy from /postinstall
 allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;