domain: grant write perms to cgroups

Was moved to domain_deprecated. Move back to domain.

Files in /acct/uid/*/tasks are well protected by unix permissions.
No information is leaked with write perms.

Change-Id: I8017e906950cba41ce350bc0892a36269ade8d53

bootanim.te

@@ -18,10 +18,6 @@ allow bootanim audio_device:chr_file rw_file_perms;
 
 allow bootanim surfaceflinger_service:service_manager find;
 
-# For /acct/uid/*/tasks.
-allow bootanim cgroup:dir { search write };
-allow bootanim cgroup:file w_file_perms;
-
 # Allow access to ion memory allocation device
 allow bootanim ion_device:chr_file rw_file_perms;
 

domain.te

@@ -121,6 +121,10 @@ allow domain selinuxfs:file getattr;
 allow domain sysfs:dir search;
 allow domain selinuxfs:filesystem getattr;
 
+# For /acct/uid/*/tasks.
+allow domain cgroup:dir { search write };
+allow domain cgroup:file w_file_perms;
+
 # Almost all processes log tracing information to
 # /sys/kernel/debug/tracing/trace_marker
 # The reason behind this is documented in b/6513400

domain_deprecated.te

@@ -49,10 +49,6 @@ allow domain_deprecated cache_file:dir r_dir_perms;
 allow domain_deprecated cache_file:file { getattr read };
 allow domain_deprecated cache_file:lnk_file r_file_perms;
 
-# For /acct/uid/*/tasks.
-allow domain_deprecated cgroup:dir { search write };
-allow domain_deprecated cgroup:file w_file_perms;
-
 #Allow access to ion memory allocation device
 allow domain_deprecated ion_device:chr_file rw_file_perms;