update support for polkit agent helper (bsc#1251931)

init_nnp_daemon_domain(policykit_auth_t):
type=AVC msg=audit(..): avc:  denied  { nnp_transition } for  pid=1850 comm="(helper-1)" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:policykit_auth_t:s0 tclass=process2 permissive=0

auth_nnp_domtrans_chkpwd():
type=AVC msg=audit(..): avc:  denied  { nnp_transition } for  pid=2353 comm="polkit-agent-he" scontext=system_u:system_r:policykit_auth_t:s0 tcontext=system_u:system_r:chkpwd_t:s0 tclass=process2 permissive=0

label socket placed under /run/polkit as policykit_var_run_t

Author: rfrohl

policy/modules/contrib/policykit.fc

@@ -20,3 +20,4 @@
 /var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)
 /run/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
 /run/polkit-1(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
+/run/polkit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)

policy/modules/contrib/policykit.te

@@ -15,6 +15,7 @@ init_nnp_daemon_domain(policykit_t)
 type policykit_auth_t, policykit_domain;
 type policykit_auth_exec_t;
 init_daemon_domain(policykit_auth_t, policykit_auth_exec_t)
+init_nnp_daemon_domain(policykit_auth_t)
 
 type policykit_grant_t, policykit_domain;
 type policykit_grant_exec_t;
@@ -209,6 +210,7 @@ fs_dontaudit_append_ecryptfs_files(policykit_auth_t)
 auth_rw_var_auth(policykit_auth_t)
 auth_use_nsswitch(policykit_auth_t)
 auth_domtrans_chk_passwd(policykit_auth_t)
+auth_nnp_domtrans_chkpwd(policykit_auth_t)
 
 logging_send_syslog_msg(policykit_auth_t)