SELinux policy for reading system ion heap size

The policy is only for userdebug or eng builds to verify usefulness of
ion heap size measuring in practice.

The size of the system ion heap is read by the system server similarly
to other memory measurements.

Example /sys/kernel/debug/ion/heaps/system (repeated lines removed):
          client              pid             size
----------------------------------------------------
 audio@2.0-servi              765             4096
 audio@2.0-servi              765            61440
 audio@2.0-servi              765             4096
     voip_client               96             8192
     voip_client               96             4096
   system_server             1232         16728064
  surfaceflinger              611         50642944
----------------------------------------------------
orphaned allocations (info is from last known client):
----------------------------------------------------
  total orphaned                0
          total          55193600
   deferred free                0
----------------------------------------------------
0 order 4 highmem pages in uncached pool = 0 total
0 order 4 lowmem pages in uncached pool = 0 total
1251 order 4 lowmem pages in cached pool = 81985536 total
VMID 8: 0 order 4 highmem pages in secure pool = 0 total

Test: m -j
Test: Pulling statsd metric returns non-zero value
Bug: 128412961
Change-Id: If123071d253235c4dcaf18474b9db5f2eef84d12
diff --git a/private/genfs_contexts b/private/genfs_contexts
new file mode 100644
index 0000000..8a9b749
--- /dev/null
+++ b/private/genfs_contexts
@@ -0,0 +1 @@
+genfscon debugfs /ion/heaps/system                    u:object_r:debugfs_system_ion_heap:s0
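Review bot: The genfscon entry is not tied to any build variant, so the node is relabeled to debugfs_system_ion_heap on user builds as well, while the only allow rule in this change is wrapped in userdebug_or_eng. Any domain that reads this file today through a rule written against the generic debugfs type, rather than the debugfs_type attribute, would lose access on every build once this lands; please confirm none exists, or say so in the commit message. A one-line comment above the entry naming the consumer (system_server memory measurement) would also help, since this file is new and has no other context.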
diff --git a/private/system_server.te b/private/system_server.te
new file mode 100644
index 0000000..7e0bba4
--- /dev/null
+++ b/private/system_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+  # Read /sys/kernel/debug/ion/heaps/system.
+  allow system_server debugfs_system_ion_heap:file r_file_perms;
+')
+dontaudit system_server debugfs_system_ion_heap:file r_file_perms;
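Review bot: The dontaudit on the last line sits outside the userdebug_or_eng block and has no comment, so on user builds the read by system_server is denied silently, with no sign in the policy that this is deliberate. If the intent is to suppress the denial that system_server produces on user builds when it attempts the read anyway, say so in a comment next to the rule, and consider skipping the read in system_server on user builds so the suppression is not needed. Also note that the block grants only file permissions on the new type; reaching ion/heaps/system needs directory search on the parent debugfs directories, which this hunk does not add, so it is worth confirming that an existing rule already covers it.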
diff --git a/public/file.te b/public/file.te
new file mode 100644
index 0000000..95ecad0
--- /dev/null
+++ b/public/file.te
@@ -0,0 +1 @@
+type debugfs_system_ion_heap, fs_type, debugfs_type;
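Review bot: The type is declared in public/file.te, yet the only users in this change are private/genfs_contexts and private/system_server.te. A public declaration makes the type part of the policy surface that vendor policy can reference and that has to be carried forward in later versions; unless vendor policy needs it, declare it in private/file.te instead. If it must stay public, add a short comment stating what the type labels (/sys/kernel/debug/ion/heaps/system) and that access is meant for userdebug and eng builds only.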