"A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation." https://github.com/ish-app/ish/
So theoretically it could be like an isolated computer game and have no access to anything from the underlying iOS environment. (Maybe it does let you access iOS's filesystem—it's not clear to me at a first glance.) I have the jaded feeling that this has to do with how it got approved.
https://github.com/ish-app/ish/wiki/Mounting-other-file-prov... says: "Additionally, if jailbroken or using the psychic paper exploit (not available through TestFlight nor will we help you do it), you can also mount using real, absolute paths. To do so run "mount -t real <src> <dst>", where <src> is the absolute path from the root of iOS and <dst> is the location in iSH to mount the file." Which suggests that you can only touch the underlying iOS if you've done an exploit.
As mentioned on that page, you can essentially mount whatever shows up in the Files app, but you don't have full filesystem access–iSH is a normal App Store app and is sandboxed as such.
So theoretically it could be like an isolated computer game and have no access to anything from the underlying iOS environment. (Maybe it does let you access iOS's filesystem—it's not clear to me at a first glance.) I have the jaded feeling that this has to do with how it got approved.
https://github.com/ish-app/ish/wiki/Mounting-other-file-prov... says: "Additionally, if jailbroken or using the psychic paper exploit (not available through TestFlight nor will we help you do it), you can also mount using real, absolute paths. To do so run "mount -t real <src> <dst>", where <src> is the absolute path from the root of iOS and <dst> is the location in iSH to mount the file." Which suggests that you can only touch the underlying iOS if you've done an exploit.