access_vectors: re-organize common file perms

The open, audit_access, execmod, and watch* permissions
are all defined in the COMMON_FILE_PERMS in the kernel
classmap and inherited by all the file-related classes;
we can do the same in the policy by putting them into the
common file declaration.

refpolicy recently similarly reorganized its definitions and added the
watch* permissions to common file, see:
e5dbe75276
c656b97a28
3952ecb4dd

Adding new permissions to the end of the existing classes was only
required for kernels that predate the dynamic class/perm mapping
support (< v2.6.33).

Test: policy still builds

Change-Id: I44a2c3a94c21ed23410b6f807af7f1179e2c1747
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

private/access_vectors

@@ -27,6 +27,14 @@ common file
 	execute
 	quotaon
 	mounton
+	audit_access
+	open
+	execmod
+	watch
+	watch_mount
+	watch_sb
+	watch_with_perm
+	watch_reads
 }
 
 
@@ -164,14 +172,6 @@ inherits file
 	reparent
 	search
 	rmdir
-	open
-	audit_access
-	execmod
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
 }
 
 class file
@@ -179,82 +179,26 @@ inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
-	audit_access
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
 }
 
 class lnk_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
-}
 
 class chr_file
 inherits file
 {
 	execute_no_trans
 	entrypoint
-	execmod
-	open
-	audit_access
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
 }
 
 class blk_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
-}
 
 class sock_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
-}
 
 class fifo_file
 inherits file
-{
-	open
-	audit_access
-	execmod
-	watch
-	watch_mount
-	watch_sb
-	watch_with_perm
-	watch_reads
-}
 
 class fd
 {