dex2oat: fix forward locked apps

dex2oat can't access file descriptors associated with asec_apk_files.
This breaks installing forward locked apps, and generates the following

  type=1400 audit(0.0:18): avc: denied { read } for path="/mnt/asec/" dev="dm-0" ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:asec_apk_file:s0 tclass=file

Steps to reproduce:

  $ adb install -r -l SimpleJNI.apk


  app installs


  app fails to install.

Bug: 16328233

(cherry picked from commit 5259c5e61625c4bd45b96c1712977dc2cde9e555)

Change-Id: I1969b9ae8d2187f4860587f7ff42d16139657b5b
diff --git a/dex2oat.te b/dex2oat.te
index 51acc86..164e89c 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -4,3 +4,6 @@
 allow dex2oat dalvikcache_data_file:file write;
 allow dex2oat installd:fd use;
+# Read already open asec_apk_file file descriptors passed by installd.
+allow dex2oat asec_apk_file:file read;