To reduce the likelihood of malicious symlink attacks, neverallow
read access to shell- and app-writable symlinks.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit 9d439d3d)

Bug: 21924438
Change-Id: Icf1ccca71ef4395de8be8503359f76f89cc9e1a5