kernel: grant perms from domain_deprecated

In preparation of removing permissions from domain_deprecated.

Addresses:
avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:kernel:s0 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:kernel:s0 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1
avc: denied { read } for name="selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
avc: denied { open } for path="/selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1

Change-Id: I62cbffe85941677283d3b7bf8fc1c437671569a3

kernel.te

@@ -3,6 +3,15 @@ type kernel, domain, domain_deprecated, mlstrustedsubject;
 
 allow kernel self:capability sys_nice;
 
+# Root fs.
+allow kernel rootfs:dir r_dir_perms;
+allow kernel rootfs:file r_file_perms;
+allow kernel rootfs:lnk_file r_file_perms;
+
+# Get SELinux enforcing status.
+allow kernel selinuxfs:dir r_dir_perms;
+allow kernel selinuxfs:file r_file_perms;
+
 # Allow init relabel itself.
 allow kernel rootfs:file relabelfrom;
 allow kernel init_exec:file relabelto;