sepolicy/vendor/kernel.te - LeafOS-Devices/android_device_samsung_universal7904-common - Gitiles

 allow kernel app_efs_file:dir search;
 allow kernel app_efs_file:file open;
 allow kernel sensor_factoryapp_efs_file:file open;
 allow kernel efs_file:dir search;

 allow kernel device:chr_file { getattr setattr unlink create };
 allow kernel device:dir create_dir_perms;
 allow kernel self:capability { sys_rawio mknod };

 allow kernel block_device:dir search;
 dontaudit kernel device:blk_file create;

 allow kernel sysfs_sec_key:dir search;
 r_dir_file(kernel, sysfs_virtual)
	allow kernel app_efs_file:dir search;
	allow kernel app_efs_file:file open;
	allow kernel sensor_factoryapp_efs_file:file open;
	allow kernel efs_file:dir search;

	allow kernel device:chr_file { getattr setattr unlink create };
	allow kernel device:dir create_dir_perms;
	allow kernel self:capability { sys_rawio mknod };

	allow kernel block_device:dir search;
	dontaudit kernel device:blk_file create;

	allow kernel sysfs_sec_key:dir search;
	r_dir_file(kernel, sysfs_virtual)