Further restrict socket ioctls available to apps

Restrict unix_dgram_socket and unix_stream_socket to a whitelist
for all domains. Remove ioctl permission for netlink_selinux_socket and
netlink_route_socket for netdomain.

Bug: 28171804
Bug: 27424603
Change-Id: I650639115b8179964ae690a39e4766ead0032d2e
6 files changed