fix sepolicy denials and move system/bin to /vendor/bin

sepolicy/common/keystore.te

@@ -1,2 +1,3 @@
 allow keystore vfat:dir search;
+allow keystore vfat:file getattr;
 allow keystore vfat:file { open read };

sepolicy/common/mediaserver.te

@@ -5,3 +5,4 @@ allow mediaserver sysfs_camera:dir search;
 allow mediaserver sysfs_camera:file r_file_perms;
 allow mediaserver thermal-engine:unix_stream_socket connectto;
 allow mediaserver vendor_file:file execmod;
+allow mediaserver system_data_file:sock_file write;

sepolicy/common/mm-qcamerad.te

@@ -2,8 +2,9 @@ type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket
 
 #allow mm-qcamerad camera_socket:sock_file create_file_perms;
 
-# Allow mm-qcamera-daemon to create the socket camera_socket
+# Allow mm-qcamera-daemon to create and unlink the socket camera_socket
 allow mm-qcamerad system_data_file:dir w_dir_perms;
+allow mm-qcamerad system_data_file:sock_file unlink;
 
 allow mm-qcamerad sysfs_camera:dir search;
 allow mm-qcamerad sysfs_camera:file rw_file_perms;

sepolicy/common/rild.te

@@ -6,5 +6,6 @@ allow rild radio_data_file:lnk_file read;
 
 allow rild proc_net:file w_file_perms;
 allow rild sysfs_sec:file rw_file_perms;
+allow rild unlabeled:dir search;
 
 allow rild unlabeled:file { getattr open read };

sepolicy/common/wcnss.te

@@ -0,0 +1 @@
+allow wcnss_service efs_file:dir search;