Fixing ramdump and removing it from permissive mode

denied { search } for pid=699 comm="ramdump" name="block" dev="tmpfs"
ino=20656 scontext=u:r:ramdump:s0 tcontext=u:object_r:block_device:s0
tclass=dir

denied  { set } for property=debug.htc.ramdump_new_directory pid=690
uid=0 gid=0 scontext=u:r:ramdump:s0 tcontext=u:object_r:debug_prop:s0
tclass=property_service

Bug: 34784662
Bug: 38261729
Test: ramdump functions in enforcing mode
Change-Id: Iceb7043d97f0f7c393075c565a65105b72aa570d

sepolicy/property.te

@@ -11,4 +11,4 @@ type tee_listener_prop, property_type;
 type wc_prop, property_type;
 type thermal_prop, property_type;
 type modem_diag_prop, property_type;
-type tel_mon_prop, property_type;
+type tel_mon_prop, property_type;

sepolicy/property_contexts

@@ -9,6 +9,7 @@ persist.net.doxlat         u:object_r:net_radio_prop:s0
 sys.post_boot.             u:object_r:post_boot_prop:s0
 radio.                     u:object_r:radio_prop:s0
 debug.htc.hrdump           u:object_r:ramdump_prop:s0
+debug.htc.ramdump          u:object_r:ramdump_prop:s0
 persist.sys.crash_rcu      u:object_r:ramdump_prop:s0
 debug.ssrdump              u:object_r:ssr_prop:s0
 persist.sys.cnss.          u:object_r:cnss_diag_prop:s0

sepolicy/ramdump.te

@@ -12,6 +12,7 @@ userdebug_or_eng(`
   allow ramdump ramdump_vendor_data_file:file create_file_perms;
   allow ramdump proc:file r_file_perms;
 
+  allow ramdump block_device:dir search;
   allow ramdump misc_block_device:blk_file rw_file_perms;
   allow ramdump userdata_block_device:blk_file rw_file_perms;
 
@@ -19,6 +20,4 @@ userdebug_or_eng(`
   allow ramdump rootfs:file r_file_perms;
 
   r_dir_file(ramdump, sysfs_type)
-
-  permissive ramdump;
 ')