Add support for RS vendor executables.

/vendor/bin/bcc being a dependency of renderscript should be labeled as
same_process_hal_file. To facilitate that we relax neverallow rules for
executing same_process_hal_file from coredomain.

See details on /vendor/bin/bcc:
https://source.android.com/devices/architecture/vndk/renderscript

Bug: n/a
Test: build-time change
Change-Id: Ie996fb863090bf08b3d3ef653da827d0b22937d7

public/domain.te

@@ -1036,7 +1036,10 @@ full_treble_only(`
       coredomain
       -shell
       -system_executes_vendor_violators
-    } vendor_file_type:file execute_no_trans;
+    } {
+      vendor_file_type
+      -same_process_hal_file
+    }:file execute_no_trans;
 ')
 
 # Only authorized processes should be writing to files in /data/dalvik-cache