Sync with seandroid branch.

 	file_contexts \
 	genfs_contexts \
 	adbd.te \
-	app.te \
 	device.te \
 	domain.te \
 	healthd.te \
 	gpsd.te \
 	file.te \
 	mediaserver.te \
-	surfaceflinger.te \

File sepolicy/app.te

-allow appdomain mali_device:chr_file rw_file_perms;
-allow appdomain ion_device:chr_file w_file_perms;

File sepolicy/file_contexts

-# label graphics device with a new type, we need
-# to allow write operation from appdomain
-/dev/mali0              u:object_r:mali_device:s0
+/dev/mali0              u:object_r:gpu_device:s0
 /dev/bcm2079x           u:object_r:nfc_device:s0
 /dev/ttySAC0            u:object_r:hci_attach_dev:s0

File sepolicy/surfaceflinger.te

-allow surfaceflinger appdomain:fd use;
-allow surfaceflinger mali_device:chr_file rw_file_perms;

File sepolicy/system_server.te

-allow system_server mali_device:chr_file rw_file_perms;
 # Label the .gps.interface.pipe.to_jni pipe with gps_data_file.
 type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";