Grant global read access to /sys/module/tegra_fuse/*

Global read access to /sys was removed from domain.te in commit
https://android-review.googlesource.com/181003 . However, for flounder,
it appears most processes (at least those that use the GPU) need
access to /sys/module/tegra_fuse.

Grant everyone access to read /sys/module/tegra_fuse.

We may want to tighten this up in the future, but since we granted
read access to all of /sys before, there's no regression from previous
android releases.

Bug: 25433265
Bug: 25965160
Bug: 25991309
Change-Id: Ie0568d18695a97a68be270ac817df89cecb1e757
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644
index 0000000..4ec9a02
--- /dev/null
+++ b/sepolicy/domain.te
@@ -0,0 +1 @@
+r_dir_file(domain, sysfs_tegra_fuse)
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 989b978..bfed33f 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -9,3 +9,5 @@
 
 #Didim file used by surfaceflinger
 type sysfs_didim, sysfs_type, fs_type;
+
+type sysfs_tegra_fuse, sysfs_type, fs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index eec0054..1417df1 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -84,6 +84,8 @@
 /sys/devices/platform/host1x/tegradc.0/smartdimmer/sd_window u:object_r:sysfs_didim:s0
 /sys/devices/platform/host1x/tegradc.0/smartdimmer/sd_window_enable u:object_r:sysfs_didim:s0
 
+/sys/module/tegra_fuse(/.*)?    u:object_r:sysfs_tegra_fuse:s0
+
 # mmc rpmb
 /dev/block/mmcblk0rpmb                 u:object_r:mmc_rpmb_block_device:s0