sepolicy/shell.te - android_device_samsung_j5lte - Gitiles

 #============= shell ==============
 allow shell block_device:dir search;
 #allow shell labeledfs:filesystem remount;
 allow shell efs_file:dir { read search ioctl open getattr };
 allow shell firmware_file:dir { read search ioctl open getattr };
 allow shell firmware_file:file { read lock ioctl open getattr };
 allow shell firmware_file:lnk_file { read lock ioctl open getattr };
	#============= shell ==============
	allow shell block_device:dir search;
	#allow shell labeledfs:filesystem remount;
	allow shell efs_file:dir { read search ioctl open getattr };
	allow shell firmware_file:dir { read search ioctl open getattr };
	allow shell firmware_file:file { read lock ioctl open getattr };
	allow shell firmware_file:lnk_file { read lock ioctl open getattr };