Allow access to /dev/ion and proc_net dir.

Address the following:
01-21 13:35:41.147  5896  5896 W ndroid.music:ui: type=1400 audit(0.0:22): avc: denied { read } for name="ion" dev="tmpfs" ino=1237 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=0
01-21 13:35:41.152  5896  5896 E qdmemalloc: open_device: Failed to open ion device - Permission denied
01-21 13:35:41.152  5896  5896 E qdgralloc: Could not mmap handle 0x7f827d7260, fd=55 (Permission denied)
01-21 13:35:41.152  5896  5896 E qdgralloc: gralloc_register_buffer: gralloc_map failed

and

01-22 08:58:47.667  7572  7572 W Thread-23: type=1400 audit(0.0:186): avc: denied { search } for name="xt_qtaguid" dev="proc" ino=4026535741 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=dir permissive=0
01-22 08:58:47.671  7498  7572 I qtaguid : Untagging socket 68 failed errno=-13
01-22 08:58:47.671  7498  7572 W NetworkManagementSocketTagger: untagSocket(68) failed with errno -13

Change-Id: Id4e253879fe0f6daadd04d148a257a10add68d38

app.te

@@ -204,6 +204,8 @@ use_keystore({ appdomain -isolated_app })
 
 allow appdomain console_device:chr_file { read write };
 
+allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
+
 ###
 ### CTS-specific rules
 ###

domain.te

@@ -23,6 +23,7 @@ allow domain self:process {
 };
 allow domain self:fd use;
 allow domain proc:dir search;
+allow domain proc_net:dir search;
 allow domain self:dir r_dir_perms;
 allow domain self:lnk_file r_file_perms;
 allow domain self:{ fifo_file file } rw_file_perms;