Allow gsid to find and binder-call vold

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: I229a02abb7bd1f070bb078bdaf89fb27cc4bfa47

private/gsid.te

@@ -9,6 +9,11 @@ init_daemon_domain(gsid)
 binder_use(gsid)
 binder_service(gsid)
 add_service(gsid, gsi_service)
+
+# Manage DSU metadata encryption key through vold.
+allow gsid vold_service:service_manager find;
+binder_call(gsid, vold)
+
 set_prop(gsid, gsid_prop)
 
 # Needed to create/delete device-mapper nodes, and read/write to them.

private/vold.te

@@ -44,3 +44,12 @@ allow vold vold_key:keystore2_key {
     use
 };
 
+neverallow {
+    domain
+    -system_server
+    -vdc
+    -vold
+    -update_verifier
+    -apexd
+    -gsid
+} vold_service:service_manager find;

public/vold.te

@@ -333,15 +333,6 @@ neverallow {
 
 neverallow { domain -vold -init } restorecon_prop:property_service set;
 
-neverallow {
-    domain
-    -system_server
-    -vdc
-    -vold
-    -update_verifier
-    -apexd
-} vold_service:service_manager find;
-
 neverallow vold {
   domain
   -hal_health_storage_server