Clean up logspam for cgroup access

These permissions are granted to domain. Remove audit statements
for them in domain deprecated.

avc: granted { search } for pid=905 comm="update_engine" name="/"
dev="cgroup" ino=1 scontext=u:r:update_engine:s0
tcontext=u:object_r:cgroup:s0 tclass=dir duplicate messages suppressed
avc: granted { open } for pid=905 comm="update_engine"
path="/dev/cpuset/foreground/tasks" dev="cgroup" ino=25
scontext=u:r:update_engine:s0 tcontext=u:object_r:cgroup:s0 tclass=file

Test: build and boot Marlin
Change-Id: Ib2a61e5f5476ff761d0e5ecde57ba7a1777a73e9

private/domain_deprecated.te

@@ -253,7 +253,7 @@ auditallow {
   -surfaceflinger
   -system_server
   -zygote
-} cgroup:dir r_dir_perms;
+} cgroup:dir { open getattr read ioctl lock }; # search granted to domain
 auditallow {
   domain_deprecated
   -appdomain
@@ -267,7 +267,21 @@ auditallow {
   -surfaceflinger
   -system_server
   -zygote
-} cgroup:{ file lnk_file } r_file_perms;
+} cgroup:file { getattr read ioctl }; # open and lock granted to domain
+auditallow {
+  domain_deprecated
+  -appdomain
+  -dumpstate
+  -fingerprintd
+  -healthd
+  -inputflinger
+  -installd
+  -keystore
+  -netd
+  -surfaceflinger
+  -system_server
+  -zygote
+} cgroup:lnk_file r_file_perms;
 auditallow {
   domain_deprecated
   -appdomain