Grant system_server the permission to create its own profile.

When ART Service is enabled, the runtime uses a different strategy to
write profiles: it first creates a temp profile file, and then moves it
to the final location, instead of mutating the file in place. This new
strategy requires the permission to create files. While apps have this
permission, unfortunately, system_server didn't. This CL fixes this
problem.

Bug: 282019264
Test: -
  1. Enable boot image profiling
     (https://source.android.com/docs/core/runtime/boot-image-profiles#configuring-devices)
  2. Snapshot the boot image profile
     (adb shell pm snapshot-profile android)
  3. Dump the boot image profile
     (adb shell profman --dump-only --profile-file=/data/misc/profman/android.prof)
  4. See profile data for services.jar
Ignore-AOSP-First: This change requires updating the 34.0 prebuilt,
  which doesn't exist on AOSP. Will cherry-pick to AOSP later.
Change-Id: Ie24a51f2d40d752164ce14725f122c73432d50c9

prebuilts/api/34.0/private/system_server.te

@@ -1208,6 +1208,7 @@ allow system_server profman_dump_data_file:dir rw_dir_perms;
 
 # On userdebug build we may profile system server. Allow it to write and create its own profile.
 userdebug_or_eng(`
+  allow system_server user_profile_data_file:dir w_dir_perms;
   allow system_server user_profile_data_file:file create_file_perms;
 ')
 # Allow system server to load JVMTI agents under control of a property.

private/system_server.te

@@ -1208,6 +1208,7 @@ allow system_server profman_dump_data_file:dir rw_dir_perms;
 
 # On userdebug build we may profile system server. Allow it to write and create its own profile.
 userdebug_or_eng(`
+  allow system_server user_profile_data_file:dir w_dir_perms;
   allow system_server user_profile_data_file:file create_file_perms;
 ')
 # Allow system server to load JVMTI agents under control of a property.