seinfo(1)           SETools: SELinux Policy Analysis Tools           seinfo(1)

NAME

       seinfo - SELinux policy information tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION

       seinfo allows the user to query the components of a SELinux policy.

POLICY

       apol supports loading SELinux policies in one of two formats.

              source:
                     A single text file containing a monolithic policy source.
                     This file is usually named policy.conf.

              binary:
                     A single file containing a binary policy. This file is
                     usually named by version on Linux systems, for example,
                     policy.30. This file is usually named sepolicy on Android
                     systems.

       If no policy file is provided, seinfo will search for the policy
       running on the current system. If no policy can be found, seinfo will
       print an error message and exit.

EXPRESSIONS

       One or more of the following component types can be queried. If no
       expressions are provided, policy statistics will be printed.

       -a [ATTR], --attribute [ATTR]
              Print a list of type attributes or, if ATTR is provided, print
              the named attribute. With -x, print a list of types assigned to
              each displayed attribute.

       -b [BOOL], --bool [BOOL]
              Print a list of Booleans or, if BOOL is provided, print the
              named boolean. With -x, print the statement of each displayed
              conditional boolean.

       -c [CLASS], --class [CLASS]
              Print a list of object classes or, if CLASS is provided, print
              the named object class. With -x, print a list of permissions
              for each displayed object class.

       -r [ROLE], --role [ROLE]
              Print a list of roles or, if ROLE is provided, print the named
              role. With -x, print the statement for each displayed role.

       -t [TYPE], --type [TYPE]
              Print a list of types or, if TYPE is provided, print the named
              type. With -x, print a list of attributes which include each
              displayed type.

       -u [USER], --user [USER]
              Print a list of users or, if USER is provided, print the named
              user. With -x, print the statement for each displayed user.

       --category [CAT]
              Print a list of categories or, if CAT is provided, print the
              named category. With -x, print a list of sensitivities with
              which each displayed category may be associated.

       --common [COMMON]
              Print a list of common permission sets or, if COMMON is
              provided, print the named common. With -x, print a list of
              permissions in the set.

       --constrain [CLASS]
              Print a list of constraints and MLS constraints statements or,
              if CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --default [CLASS]
              Print a list of default_* statements or, if CLASS is provided,
              print all default_* statements for the named object class.
              There is no expanded information for this component.

       --fs_use [FS_TYPE]
              Print a list of fs_use_* statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --genfscon [FS_TYPE]
              Print a list of genfscon statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --initialsid [NAME]
              Print a list of initial SIDs or, if NAME is provided, print the
              named initial SID. With -x, print the context assigned to each
              displayed SID.

       --netifcon [DEVICE]
              Print a list of netif contexts or, if DEVICE is provided, print
              the named statement for the interface. There is no expanded
              information for this component.

       --nodecon [ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              named statement for the node with address. There is no expanded
              information for this component.

       --permissive [TYPE]
              Print permissive types or, if TYPE is specified, print the named
              statement if it is permissive. There is no expanded information
              for this component.

       --polcap [NAME]
              Print policy capabilities or, if NAME is specified, print the
              named capability, if enabled. With -x, print the statement.

       --portcon [PORTNUM[-PORTNUM]]
              Print a list of port contexts or, if PORT or PORT range is
              provided, print the named statement for the port/port range.
              There is no expanded information for this component.

       --sensitivity [SENS]
              Print a list of sensitivities or, if SENS is provided, print the
              named sensitivity. With -x, print the statement for each
              sensitivity.

       --typebounds [BOUND_TYPE]
              Print a list of typebounds statements or, if BOUND_TYPE is
              provided, print the statement for the named bound type. There is
              no expanded information for this component.

       --validatetrans [CLASS]
              Print a list of validatetrans and MLS validatetrans rules or, if
              CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --all  Print all components.

OPTIONS

       -x, --expand
              Print additional details for each component matching the
              expression. See the description of each component for the
              details this option will provide.

       --flat Exclude headers and indentation in output.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.
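The --permissive expression combined with --flat, both described above, supports a policy review check: listing permissive types that nobody approved. The script below is an added example, not part of the seinfo manual or the SETools project. It assumes flat output is one type name per line, that seinfo exits non-zero when it cannot load a policy, and a hypothetical allowlist file of approved permissive types.

```shell
#!/bin/sh
# Added example: flag permissive types that are not on an approved list.
# Permissive types are not enforced, so each one found in a shipped policy
# should be a deliberate, reviewed decision.

# unexpected_permissive ALLOWLIST
#   stdin:     flat seinfo output, one type name per line (assumption)
#   ALLOWLIST: hypothetical file of approved types, one per line,
#              '#' starts a comment
#   Prints each type missing from the allowlist; exit status 1 if any.
unexpected_permissive() {
    awk -v allow="$1" '
        BEGIN {
            # Load the allowlist, dropping comments, blanks and whitespace.
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        { gsub(/[ \t]/, "") }
        $0 != "" && !($0 in ok) { print; bad = 1 }
        END { exit bad }
    '
}

# audit_policy POLICY ALLOWLIST
#   Returns 0 if every permissive type is approved, 1 if not, and 2 if
#   seinfo failed, so an unreadable policy is never reported as clean.
audit_policy() {
    # --flat sits between the expression and the policy path so that the
    # path is not read as the optional TYPE argument of --permissive.
    flat=$(seinfo --permissive --flat "$1") || {
        echo "seinfo could not load policy: $1" >&2
        return 2
    }
    printf '%s\n' "$flat" | unexpected_permissive "$2"
}

# Usage (paths are placeholders):
#   audit_policy /path/to/sepolicy approved_permissive.txt
```
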

AUTHOR

       Chris PeBenito <cpebenito@tresys.com>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/TresysTechnology/setools/issues

SEE ALSO

       apol(1), sediff(1), sedta(1), seinfoflow(1), sesearch(1)

Tresys Technology, LLC            2016-02-20                         seinfo(1)