cm: sepolicy: Create central place for QC-specific policy

* We have a number of policy items due to changes in our BSPs or for
   other things which interact with the QC sepolicy. Add a place
   for us to store this stuff so we don't need to copy it around to
   every device.

Change-Id: I155ca202694501d42b42e2bd703d74049d547df0

sepolicy/qcom/bootanim.te

@@ -0,0 +1,3 @@
+allow bootanim mpctl_socket:dir search;
+unix_socket_connect(bootanim, mpctl, perfd)
+unix_socket_send(bootanim, mpctl, perfd)

sepolicy/qcom/perfd.te

@@ -0,0 +1,6 @@
+allow perfd sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(perfd, thermal, thermal-engine)
+
+# read mediaserver status
+allow perfd mediaserver:file { read open };
+

sepolicy/qcom/sepolicy.mk

@@ -0,0 +1,2 @@
+BOARD_SEPOLICY_DIRS += \
+    vendor/cm/sepolicy/qcom

sepolicy/qcom/system_server.te

@@ -0,0 +1,6 @@
+# LiveDisplay access to color calibration
+allow system_server pps_socket:sock_file rw_file_perms;
+allow system_server mm-pp-daemon:unix_stream_socket connectto;
+
+# Time services
+allow system_server time_daemon:unix_stream_socket connectto;