pa: Introduce sepolicy exceptions for theme assets

Assets such as composed icons and ringtones need to be accessed
by apps. This patch adds the policy needed to facilitate this.

Change-Id: I0420de579aed0cff5add181cd0a8bf0f2b05d723

sepolicy/app.te

@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow appdomain theme_data_file:dir r_dir_perms;
+allow appdomain theme_data_file:file r_file_perms;

sepolicy/bootanim.te

@@ -0,0 +1,3 @@
+# Themed resources (bootanimation)
+allow bootanim theme_data_file:dir search;
+allow bootanim theme_data_file:file r_file_perms;

sepolicy/file.te

@@ -0,0 +1,2 @@
+# Themes
+type theme_data_file, file_type, data_file_type;

sepolicy/file_contexts

@@ -6,3 +6,6 @@
 # fsck
 /system/bin/fsck\.ntfs                          u:object_r:fsck_exec:s0
 /system/bin/fsck\.exfat                         u:object_r:fsck_exec:s0
+
+# Themes
+/data/system/theme(/.*)?  u:object_r:theme_data_file:s0

sepolicy/mediaserver.te

@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow mediaserver theme_data_file:dir r_dir_perms;
+allow mediaserver theme_data_file:file r_file_perms;

sepolicy/system_app.te

@@ -0,0 +1,3 @@
+# Themes
+allow system_app theme_data_file:dir create_dir_perms;
+allow system_app theme_data_file:file create_file_perms;

sepolicy/zygote.te

@@ -1 +1,5 @@
 allow zygote self:capability sys_nice;
+
+# Themes
+allow zygote theme_data_file:file r_file_perms;
+allow zygote theme_data_file:dir r_dir_perms;