selinux: grant rx perms to toolbox_exec where needed

AOSP commit a3c97a7660ba ("Only allow toolbox exec where /system
exec was already allowed.") removed domain's rx perms to
toolbox_exec. This breaks a number of domains on angler. Restore
rx perms for toolbox_exec where needed.

Bug: 24341811
Change-Id: I9abf786ffa8f948870b17cf0dcf38e166fa6926b
diff --git a/sepolicy/init-mcfg-sh.te b/sepolicy/init-mcfg-sh.te
index e079910..9b65658 100644
--- a/sepolicy/init-mcfg-sh.te
+++ b/sepolicy/init-mcfg-sh.te
@@ -11,3 +11,6 @@
 
 allow init-mcfg-sh firmware_file:dir r_dir_perms;
 allow init-mcfg-sh firmware_file:file r_file_perms;
+
+# execute toybox/toolbox
+allow init-mcfg-sh toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/init-power-sh.te b/sepolicy/init-power-sh.te
index d8b65f9..39645c1 100644
--- a/sepolicy/init-power-sh.te
+++ b/sepolicy/init-power-sh.te
@@ -17,3 +17,6 @@
 
 # allow writes to sysfs files that have not yet been labeled
 allow init-power-sh sysfs:file rw_file_perms;
+
+# execute toybox/toolbox
+allow init-power-sh toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index 6b89df4..766db17 100755
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -34,3 +34,6 @@
 userdebug_or_eng(`
     allow netmgrd shared_log_device:chr_file rw_file_perms;
 ')
+
+# execute toybox/toolbox
+allow netmgrd toolbox_exec:file rx_file_perms;