Move update_engine rules out of update_engine_common.te

Grant update_engine access to sysfs.
Ran fake ota go/manual-ab-ota, and this denial was fixed:
avc: denied { read } for pid=912 comm="update_engine" name="compatible"
dev="sysfs" ino=17399 scontext=u:r:update_engine:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Test: boots with no new denials
Change-Id: I8697da3af254aea1cec44d9dbb1eca18be31859c

public/update_engine.te

@@ -39,3 +39,13 @@ allow update_engine ota_package_file:dir r_dir_perms;
 
 # Use Boot Control HAL
 hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc and /proc/sys/kernel/random/boot_id
+allow update_engine proc:file r_file_perms;
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Read files in /sys
+r_dir_file(update_engine, sysfs)

public/update_engine_common.te

@@ -37,13 +37,3 @@ allow update_engine_common shell_exec:file rx_file_perms;
 
 # Allow update_engine_common to suspend, resume and kill the postinstall program.
 allow update_engine_common postinstall:process { signal sigstop sigkill };
-
-# access /proc/misc and /proc/sys/kernel/random/boot_id
-allow update_engine proc:file r_file_perms;
-allow update_engine proc_misc:file r_file_perms;
-
-# read directories on /system and /vendor
-allow update_engine system_file:dir r_dir_perms;
-
-# Read files in /sys
-r_dir_file(uncrypt, sysfs)