Allow unconfined users to transition to dpkg_t domain

dpkg is now using rpm_execcon()/setexecfilecon()-like function to
transition to the dpkg_script_t domain. This function will fail in
enforcing mode if the transition is not allowed.

policy/modules/system/unconfined.te

@@ -79,6 +79,10 @@ optional_policy(`
 	cron_unconfined_role(unconfined_r, unconfined_t)
 ')
 
+optional_policy(`
+	dpkg_run(unconfined_t, unconfined_r)
+')
+
 optional_policy(`
 	firstboot_run(unconfined_t, unconfined_r)
 ')