1sevisual_query(1)        SELinux Policy Analysis Tool        sevisual_query(1)
2
3
4

NAME

6       sevisual_query - SELinux policy visual query
7

SYNOPSIS

9       sevisual_query [-h] [-s SOURCE | -t TARGET]
10                           [-sg SOURCE_GROUP | -tg TARGET_GROUP] [-c TCLASS]
11                           [-p PERMS] [-a ATTR] [-b BOOL] [-ea] [-dg]
12                           [-fb [FILTER_BOOLS]] [-fa ATTR] [-sm SIZE_MULTIPLIER]
13                           [policy]
14
15

DESCRIPTION

17       Creates  visual representation (pdf containing vector graphics) of part
18       of given SELinux policy (concerning selected type). Rules assigned  via
19       attributes  are  distinguished  by  color codes. Dashed lines represent
20       conditional rules.
21

OPTIONS

23   Positional arguments:
24              policy Path to the SELinux policy to be used.
25
26   Optional arguments:
27              -h, --help
28                     show this help message and exit
29
30              -sm SIZE_MULTIPLIER, --size_multiplier SIZE_MULTIPLIER
31                     Graph canvas size multiplier (>1 increases space  between
32                     nodes)
33
34   Rule search (similar to sesearch):
35              -s SOURCE, --source SOURCE
36                     Source type of the TE rule.
37
38              -t TARGET, --target TARGET
39                     Target type of the TE rule.
40
41              -sg SOURCE_GROUP, --source_group SOURCE_GROUP
42                     Source  type  (consider whole domain group containing the
43                     type) of the TE rule.
44
45              -tg TARGET_GROUP, --target_group TARGET_GROUP
46                     Target type (consider whole domain group  containing  the
47                     type) of the TE rule.
48
49              -c TCLASS, --class TCLASS
50                     Comma separated list of object classes
51
52              -p PERMS, --perms PERMS
53                     Comma separated list of permissions.
54
55              -a ATTR, --attr ATTR
56                     Comma separated list of attributes.
57
58              -b BOOL, --bool BOOL
59                     Comma  separated  list  of  Booleans  in  the conditional
60                     expression.
61
62              -ea    Expand rules ending in attribute (to all types that  have
63                     given attribute).
64
65   Filtering:
66              -dg    Group SELinux domains based on package they belong to.
67
68              -fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
69                     Filter  rules  based  on current boolean setting or comma
70                     separated list of [boolean]:[on/off]
71
72              -fa ATTR, --filter_attrs ATTR
73                     Filter out rules allowed for specified attributes.   ATTR
74                     is comma separated list of attributes.
75

EXAMPLE

77       Show  policy  concerning  bluetooth_t type (only access to files, other
78       types are grouped into packages):
79
80             $ sevisual_query -s bluetooth_t -c file -dg
81             $ okular graph.pdf
82
83

SEE ALSO

85       seextract_cil(1), seexport_graph(1)
86

HINTS

88       Have a look at seexport_graph which can work with whole policy  package
89       and the resulting visualization is interactive.
90

AUTHOR

92       Vit Mojzis <vmojzis@redhat.com>
93
94
95
96                                  2017-02-09                 sevisual_query(1)
Impressum