Restore netdomain allow rules.

Change I4be1c987a5d69ac784a56d42fc2c9063c402de11 removed all
netdomain allow rules at the same time domains were made unconfined.
Prior to that change, any domain that used the net_domain() macro
would be granted permissions required to use the network via these rules.
The change made the netdomain attribute unused in any rules, thereby
rendering the net_domain() calls pointless and requiring the allow
rules to be duplicated for any domain requiring network access. There
are two ways to resolve this inconsistency:
1.  Restore the netdomain rules as in this change.  In that case,
some rules in app.te can be removed as they are redundant with these rules.
-or-
2.  Completely remove the netdomain attribute, the net_domain() macro,
and all calls to it.  In that case, each domain that requires network
access will need to duplicate these rules or the necessary subset in order
to function.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: Ia54f0cd0bbda5c510423b1046626bd50f79ed7b6

net.te

@@ -2,3 +2,17 @@
 type node, node_type;
 type netif, netif_type;
 type port, port_type;
+
+# Use network sockets.
+allow netdomain self:{ tcp_socket udp_socket } *;
+# Connect to ports.
+allow netdomain port_type:tcp_socket name_connect;
+# Bind to ports.
+allow netdomain node_type:{ tcp_socket udp_socket } node_bind;
+allow netdomain port_type:udp_socket name_bind;
+allow netdomain port_type:tcp_socket name_bind;
+# Get route information.
+allow netdomain self:netlink_route_socket { create bind read nlmsg_read };
+
+# Talks to netd via dnsproxyd socket.
+unix_socket_connect(netdomain, dnsproxyd, netd)