Restore app_domain macro and move to private use.

app_domain was split up in commit: 2e00e637 to
enable compilation by hiding type_transition rules from public policy.  These
rules need to be hidden from public policy because they describe how objects are
labeled, of which non-platform should be unaware.  Instead of cutting apart the
app_domain macro, which non-platform policy may rely on for implementing new app
types, move all app_domain calls to private policy.

Bug: 33428593
Test: bullhead and sailfish both boot. sediff shows no policy change.
Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665

public/system_app.te

@@ -4,7 +4,7 @@
 # server.
 #
 type system_app, domain, domain_deprecated;
-app_domain(system_app)
+
 net_domain(system_app)
 binder_service(system_app)
 

public/te_macros

@@ -95,6 +95,10 @@ tmpfs_domain($1)
 # Allow a base set of permissions required for all apps.
 define(`app_domain', `
 typeattribute $1 appdomain;
+# Label ashmem objects with our own unique type.
+tmpfs_domain($1)
+# Map with PROT_EXEC.
+allow $1 $1_tmpfs:file execute;
 ')
 
 #####################################

public/untrusted_app.te

@@ -21,7 +21,7 @@
 ###
 
 type untrusted_app, domain;
-app_domain(untrusted_app)
+
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)