private/shell.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # systrace support - allow atrace to run
 allow shell debugfs_tracing:dir r_dir_perms;
 allow shell debugfs_tracing:file rw_file_perms;
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;

 # app_domain fallout
 tmpfs_domain(shell)
 # Map with PROT_EXEC.
 allow shell shell_tmpfs:file execute;
	# systrace support - allow atrace to run
	allow shell debugfs_tracing:dir r_dir_perms;
	allow shell debugfs_tracing:file rw_file_perms;
	allow shell debugfs_trace_marker:file getattr;
	allow shell atrace_exec:file rx_file_perms;

	# app_domain fallout
	tmpfs_domain(shell)
	# Map with PROT_EXEC.
	allow shell shell_tmpfs:file execute;