systemd: allow tmpfiles to relabel various unlabeled objects

For example, I have `/var/tmp/portage` on zram. On startup, zram-generator
mounts it, and later, systemd-tmpfiles processes a (pre-existing) tmpfiles.d
entry to create `/var/tmp/portage`. We need a way to keep the context.

Allow tmpfiles to relabel for these cases:
```
AVC avc:  denied  { getattr } for  pid=1439 comm="systemd-tmpfile" path="/var/tmp/portage" dev="zram0" ino=128
scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:unlabeled_t:s0
tclass=dir

AVC avc:  denied  { setattr } for  pid=1439 comm="systemd-tmpfile" name="/" dev="zram0" ino=128
scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:unlabeled_t:s0
tclass=dir

AVC avc:  denied  { relabelfrom } for  pid=1439 comm="systemd-tmpfile" name="/" dev="zram0" ino=128
scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:unlabeled_t:s0
tclass=dir
```

Signed-off-by: Sam James <sam@gentoo.org>

Author: thesamesam

policy/modules/system/systemd.te

@@ -2234,6 +2234,14 @@ init_relabel_utmp(systemd_tmpfiles_t)
 init_relabel_var_lib_dirs(systemd_tmpfiles_t)
 init_read_runtime_files(systemd_tmpfiles_t)
 
+kernel_relabelfrom_unlabeled_dirs(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_files(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_symlinks(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_pipes(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_sockets(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_blk_devs(systemd_tmpfiles_t)
+kernel_relabelfrom_unlabeled_chr_devs(systemd_tmpfiles_t)
+
 logging_relabel_generic_log_dirs(systemd_tmpfiles_t)
 logging_relabel_syslogd_tmp_files(systemd_tmpfiles_t)
 logging_relabel_syslogd_tmp_dirs(systemd_tmpfiles_t)