Commit 758e6b36 authored by Daniel Micay's avatar Daniel Micay

auditallow priv_app app_data_file execution

In general, apps shouldn't be executing data from their writable data
directories. Allowing this is a security risk and use cases for this are
almost always anti-patterns where saner alternatives are available such
as using one of the standard systems for shipping libraries (extracted
by the package manager or aligned/uncompressed in the apk) or using the
existing package system to handle plugins. It's reasonable for the
untrusted_app domain to have this (not just for backwards compatibility),
but priv_app should be held to a higher standard.

Ideally, untrusted apps would be able to opt-in to disabling this and
then the default could be switched at a new API level. It could do
more than just hardening apps not requiring it by having documentation
explain the risks and offer alternatives to reduce 'legitimate' use. The
base system could disable it for all of the bundled untrusted apps.

Change-Id: I4efcfaf01c6b6c33c39e98c22a1934e8892e2147
parent 65ad9bc1
......@@ -14,6 +14,7 @@ allow priv_app self:process ptrace;
# Some apps ship with shared libraries and binaries that they write out
# to their sandbox directory and then execute.
allow priv_app app_data_file:file rx_file_perms;
auditallow priv_app app_data_file:file { execute execute_no_trans };
# android.process.media uses /dev/mtp_usb
allow priv_app mtp_device:chr_file rw_file_perms;
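Review bot: the comment above the `allow priv_app app_data_file:file rx_file_perms;` rule still only describes why the permission exists; now that an `auditallow` line sits directly under it, the comment should also say that the execute and execute_no_trans permissions are audited so that priv apps still relying on executing files from their data directory can be identified and the `allow` eventually removed, as the commit message intends. Something like "# TODO: audited so the remaining users can be found and this allow rule dropped." keeps the policy self-documenting for whoever later reads the denials/grants in the log. The permission set `{ execute execute_no_trans }` matches the execute-side of `rx_file_perms`, so every use the `allow` permits will be logged; the read/open side is intentionally not audited, which is fine since that is ordinary file access.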