Temporarily relax Zygote storage mounting rules.

In the kernel, sdcardfs wraps the contents of /data/media, which has
the label "media_rw_data_file".  As part of this wrapping, it should
change the label to be "sdcardfs", but we've seen evidence that this
isn't always happening.

To temporarily unblock dogfooding while we continue investigating,
relax rules to allow Zygote to mount from either "sdcardfs" or
"media_rw_data_file", which as described above, are technically

Bug: 123533205
Test: manual
Change-Id: Id633337095c0a3b69d9b8652bcc3327810339cf3
(cherry picked from commit 704fa800de1b895acf5b79e0f0cd9b91739933a2)
diff --git a/private/zygote.te b/private/zygote.te
index 9f8a348..ab86f89 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -97,7 +97,10 @@
 # Allowed to mount user-specific storage into place
 allow zygote storage_file:dir { search mounton };
 # Allow mounting on sdcardfs dirs
-allow zygote sdcardfs:dir { search mounton };
+# TODO: reduce this back to only sdcardfs once b/123533205 is root-caused
+# (Technically "sdcardfs" and "media_rw_data_file" are equivalent, since
+# sdcardfs simply wraps files stored under /data/media.)
+allow zygote { sdcardfs media_rw_data_file }:dir { search mounton };
 # Handle --invoke-with command when launching Zygote with a wrapper command.
 allow zygote zygote_exec:file rx_file_perms;
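Review bot: the new rule on `{ sdcardfs media_rw_data_file }:dir` extends zygote's `mounton` to the label of the raw /data/media directories, and the comment above it calls the two types "equivalent". That holds for the file contents but not for the policy, since the label is the only thing that distinguishes a directory reached through the sdcardfs wrapper from the underlying one. Suggest rewording the comment to say so. Also consider leaving the original `allow zygote sdcardfs:dir { search mounton };` line untouched and adding the relaxation as its own `allow zygote media_rw_data_file:dir { search mounton };` line under the TODO, so that the revert once b/123533205 is root-caused is a plain deletion.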