priv_app: allow reading /cache symlink

Addresses the following denial:

  avc: denied { read } for name="cache" dev="dm-0" ino=2755
  scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_file:s0
  tclass=lnk_file permissive=0

which occurs when a priv-app attempts to follow the /cache symlink. This
symlink occurs on devices which don't have a /cache partition, but
rather symlink /cache to /data/cache.

Bug: 34644911
Test: Policy compiles.
Change-Id: I9e052aeb0c98bac74fa9225b9253b1537ffa5adc
(cherry picked from commit 21cb045bd5f8715cdad13bc4f242b0e2028bc56d)
diff --git a/private/priv_app.te b/private/priv_app.te
index dc1690c..95ef3e8 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -38,6 +38,8 @@
 # Write to /cache.
 allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
 allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow priv_app cache_file:lnk_file r_file_perms;
 
 # Write to /data/ota_package for OTA packages.
 allow priv_app ota_package_file:dir rw_dir_perms;
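Review bot: The added rule `allow priv_app cache_file:lnk_file r_file_perms;` grants more than the quoted denial requires, since the AVC message shows only `{ read }` on the `lnk_file`, while `r_file_perms` is a permission set written for regular files and carries additional permissions beyond read. Consider narrowing it to `allow priv_app cache_file:lnk_file { getattr read };` (or `read` alone) so the grant matches the observed access. The asymmetry with the two context lines above, which cover both `cache_file` and `cache_recovery_file`, looks intentional because the denial's tcontext is `cache_file`, but the comment could say so explicitly. The commit message lists only "Policy compiles" as testing, so it would be worth confirming on a device that symlinks /cache to /data/cache that the denial no longer appears.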