Fixes the following denials:
avc: denied { getattr } for path="/dev/dma_heap/system" dev="tmpfs"
ino=534 scontext=u:r:mediatranscoding:s0
tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file
permissive=0
Bug: 185867872
Test: No more DMA-BUF heap related denials from
CtsMediaTranscodingTestCases
Change-Id: I45b57b45e0db996f08b82618dcd085ba0f7e6ef6
Once b/186727553 is fixed, booting GSI on cuttlefish will no longer load
cuttlefish's system_ext sepolicy. These domains are all private and
hence the permissions are being added to system/sepolicy to avoid
making them public(especially mediatranscoding that was changed from
public to private in Android S).
Test: build, boot
Change-Id: I4a78030015fff147545bb627c9e62afbd0daa9d7