sedta(1)            SETools: SELinux Policy Analysis Tools            sedta(1)

NAME

       sedta - Domain transition analysis for SELinux policies

SYNOPSIS

       sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]

DESCRIPTION

       sedta is a command line tool that allows the user to perform domain
       transition analyses on an SELinux policy.

POLICY

       sedta supports loading SELinux policies in one of two formats.

              source:
                     A single text file containing a monolithic policy source.
                     This file is usually named policy.conf.

              binary:
                     A single file containing a binary policy. This file is
                     usually named by version on Linux systems, for example,
                     policy.30. This file is usually named sepolicy on Android
                     systems.

       If no policy file is provided, sedta will search for the policy running
       on the current system. If no policy can be found, sedta will print an
       error message and exit.

OPTIONS

   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, sedta will
              search for the policy running on the current system.

       -s SOURCE
              Specify the source type to use in the domain transition
              analysis.

       -t TARGET
              Specify the target type to use in the domain transition
              analysis. Using this option will also require specifying an
              analysis algorithm.

   Analysis Algorithms
       sedta uses graph algorithms to analyze the domain transition paths of
       an SELinux policy. The following algorithms are options for
       determining paths from a source type to a target type.

       -S     Print the shortest domain transition path(s) from the source
              type to the target type. If multiple paths have the same
              length, all will be displayed.

       -A LIMIT
              Print all domain transition path(s) up to LIMIT steps long.
              Depending on the connectiveness of the policy, this may be
              extremely expensive.

   Analysis Options
       -r     Perform a reverse domain transition analysis. The domain
              transitions will be analyzed to find the parent domains, instead
              of finding the child domains.

       -l LIMIT_TRANS
              Specify the maximum number of domain transitions to output. The
              default is unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.
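
How -S, -A LIMIT, EXCLUDE and -r differ, shown on a small constructed transition graph. This is an added Python illustration, not sedta's or SETools' own code; the type names and edges are made up, whereas sedta derives its graph from the loaded policy.

```python
from collections import deque

# Constructed sample: (parent domain, child domain) pairs standing in for the
# transitions a policy allows. Not taken from any real policy.
TRANSITIONS = [
    ("init_t", "sshd_t"), ("init_t", "crond_t"), ("sshd_t", "user_t"),
    ("crond_t", "user_t"), ("user_t", "sudo_t"), ("sudo_t", "sysadm_t"),
    ("crond_t", "logrotate_t"), ("logrotate_t", "sysadm_t"),
]

def build_graph(edges, exclude=(), reverse=False):
    """Adjacency map; drops excluded types, flips edges for reverse analysis."""
    graph = {}
    for parent, child in edges:
        if parent in exclude or child in exclude:
            continue
        if reverse:
            parent, child = child, parent
        graph.setdefault(parent, []).append(child)
    return graph

def shortest_paths(graph, source, target):
    """Every minimum-length path, as with -S (ties are all reported)."""
    found, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        if found and len(path) > len(found[0]):
            break  # BFS order: everything still queued is longer than the best
        if path[-1] == target:
            found.append(path)
            continue
        for nxt in graph.get(path[-1], []):
            if nxt not in path:  # keep paths simple (no revisited domain)
                queue.append(path + [nxt])
    return found

def all_paths(graph, source, target, limit):
    """Every simple path of at most `limit` transitions, as with -A LIMIT."""
    results, stack = [], [[source]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            results.append(path)
            continue
        if len(path) - 1 < limit:  # transitions used so far
            stack.extend(path + [n] for n in graph.get(path[-1], [])
                         if n not in path)
    return sorted(results, key=len)
```

In this sample, excluding logrotate_t removes the only 3-step route from init_t to sysadm_t, so the shortest-path result changes to the two 4-step routes through sudo_t. This is why EXCLUDE is useful for checking whether a privileged domain stays reachable once a known intermediary is ruled out.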

   General Options
       --stats
              Print domain transition graph statistics at the end of the
              analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <cpebenito@tresys.com>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/TresysTechnology/setools/issues

SEE ALSO

       apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)

Tresys Technology, LLC            2016-02-20                          sedta(1)