sm6250-common: Add sepolicy for kernel to access /data/per_boot/zram_swap

type=1400 audit(0.0:4): avc: denied { read } for path="/data/per_boot/zram_swap" dev="dm-5" ino=29313 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I338040c9166ddd5eb2f06d7cba1aee85da988c53
Signed-off-by: Mimi Wu <mimiwu@google.com>
Signed-off-by: Albert I <kras@raphielgang.org>

sepolicy/vendor/file.te

@@ -4,6 +4,8 @@ type camera_persist_file, file_type, vendor_persist_type;
 
 type fingerprint_data_file, data_file_type, file_type, vendor_persist_type;
 
+type per_boot_file, file_type, data_file_type, core_data_file_type;
+
 type persist_subsys_file, vendor_persist_type, file_type;
 
 type public_adsprpcd_file, file_type;

sepolicy/vendor/file_contexts

@@ -28,6 +28,9 @@
 # Lights
 /vendor/bin/hw/android\.hardware\.lights-service\.xiaomi_atoll          u:object_r:hal_light_default_exec:s0
 
+# Per-boot files
+/data/per_boot(/.*)?                                                    u:object_r:per_boot_file:s0
+
 # Persist subsystem
 /mnt/vendor/persist/subsys(/.*)?                                        u:object_r:persist_subsys_file:s0
 

sepolicy/vendor/kernel.te

@@ -0,0 +1,2 @@
+# For zram writeback
+allow kernel per_boot_file:file r_file_perms;