Allow execmem and ashmem_device execute as required.

bootanim requires execmem.
bootanim and surfaceflinger requires execute to ashmem_device.

Change-Id: I3b4964c5acd31a44ce81672077c70353a375c072
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

target/board/generic/BoardConfig.mk

@@ -76,4 +76,7 @@ BOARD_FLASH_BLOCK_SIZE := 512
 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
-BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te
+BOARD_SEPOLICY_UNION += \
+        bootanim.te \
+        domain.te \
+        surfaceflinger.te

target/board/generic/sepolicy/bootanim.te

@@ -0,0 +1,2 @@
+allow bootanim self:process execmem;
+allow bootanim ashmem_device:chr_file execute;

target/board/generic/sepolicy/surfaceflinger.te

@@ -1 +1,2 @@
 allow surfaceflinger self:process execmem;
+allow surfaceflinger ashmem_device:chr_file execute;