All, Currently, shell has very limited permission (i.e., can't do ps) and we have to move to su domain to do those commands. On our devices, su is not available, thus, we can't use the su transition rule. Can we do type transition based on the shell id ? Since seandroid uses both DAC and MAC, I think it make sense to have unconfined_domain for account with low privilege so that it can't cause much damage to the system.
Thanks, Tai
