seinfo(1)          SETools: SELinux Policy Analysis Tools          seinfo(1)

NAME
       seinfo - SELinux policy information tool

SYNOPSIS
       seinfo [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION
       seinfo allows the user to query the components of an SELinux policy.

POLICY
       apol supports loading SELinux policies in one of two formats.

       source:
              A single text file containing a monolithic policy source.
              This file is usually named policy.conf.

       binary:
              A single file containing a binary policy. This file is
              usually named by version on Linux systems, for example,
              policy.30. This file is usually named sepolicy on Android
              systems.

       If no policy file is provided, seinfo will search for the policy
       running on the current system. If no policy can be found, seinfo
       will print an error message and exit.

EXPRESSIONS
       One or more of the following component types can be queried. If no
       expressions are provided, policy statistics will be printed.

       -a [ATTR], --attribute [ATTR]
              Print a list of type attributes or, if ATTR is provided, print
              the named attribute. With -x, print a list of types assigned to
              each displayed attribute.

       -b [BOOL], --bool [BOOL]
              Print a list of Booleans or, if BOOL is provided, print the
              named Boolean. With -x, print the statement of each displayed
              conditional Boolean.

       -c [CLASS], --class [CLASS]
              Print a list of object classes or, if CLASS is provided, print
              the named object class. With -x, print a list of permissions
              for each displayed object class.

       -r [ROLE], --role [ROLE]
              Print a list of roles or, if ROLE is provided, print the named
              role. With -x, print the statement for each displayed role.

       -t [TYPE], --type [TYPE]
              Print a list of types or, if TYPE is provided, print the named
              type. With -x, print a list of attributes which include each
              displayed type.

       -u [USER], --user [USER]
              Print a list of users or, if USER is provided, print the named
              user. With -x, print the statement for each displayed user.

       --category [CAT]
              Print a list of categories or, if CAT is provided, print the
              named category. With -x, print a list of sensitivities with
              which each displayed category may be associated.

       --common [COMMON]
              Print a list of common permission sets or, if COMMON is
              provided, print the named common. With -x, print a list of
              permissions in the set.

       --constrain [CLASS]
              Print a list of constraints and MLS constraints statements or,
              if CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --default [CLASS]
              Print a list of default_* statements or, if CLASS is provided,
              print all default_* statements for the named object class.
              There is no expanded information for this component.

       --fs_use [FS_TYPE]
              Print a list of fs_use_* statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --genfscon [FS_TYPE]
              Print a list of genfscon statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --initialsid [NAME]
              Print a list of initial SIDs or, if NAME is provided, print the
              named initial SID. With -x, print the context assigned to each
              displayed SID.

       --netifcon [DEVICE]
              Print a list of netif contexts or, if DEVICE is provided, print
              the named statement for the interface. There is no expanded
              information for this component.

       --nodecon [ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              named statement for the node with address. There is no expanded
              information for this component.

       --permissive [TYPE]
              Print permissive types or, if TYPE is specified, print the named
              statement if it is permissive. There is no expanded information
              for this component.

       --polcap [NAME]
              Print policy capabilities or, if NAME is specified, print the
              named capability, if enabled. With -x, print the statement.

       --portcon [PORTNUM[-PORTNUM]]
              Print a list of port contexts or, if a port number or port
              range is provided, print the named statement for the port/port
              range. There is no expanded information for this component.

       --sensitivity [SENS]
              Print a list of sensitivities or, if SENS is provided, print the
              named sensitivity. With -x, print the statement for each
              sensitivity.

       --typebounds [BOUND_TYPE]
              Print a list of typebounds statements or, if BOUND_TYPE is
              provided, print the statement for the named bound type. There
              is no expanded information for this component.

       --validatetrans [CLASS]
              Print a list of validatetrans and MLS validatetrans rules or, if
              CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --all  Print all components.

OPTIONS
       -x, --expand
              Print additional details for each component matching the
              expression. See the description of each component for the
              details this option will provide.

       --flat Exclude headers and indentation in output.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

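An added example, not part of the SETools manual page: a policy-review check that uses --permissive with --flat to flag permissive types that are not on a reviewed allowlist (permissive types are not enforced, so each one should be deliberate). The function names, the allowlist arguments and the assumption that --flat prints one type name per line are this example's own.

```shell
#!/usr/bin/env bash
# Added example: flag permissive types that are not on a reviewed allowlist.
# Assumption: `seinfo --permissive --flat` prints one type name per line.

# Read type names on stdin; print those that are not among the arguments.
unexpected_permissive() {
    local name allowed found
    while IFS= read -r name; do
        # Trim surrounding whitespace and skip blank lines.
        name="${name#"${name%%[![:space:]]*}"}"
        name="${name%"${name##*[![:space:]]}"}"
        if [ -z "$name" ]; then continue; fi
        found=0
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$name"; fi
    done
}

# Query a policy file (or the running policy when POLICY is empty).
# Usage: audit_policy POLICY ALLOWED_TYPE...
# Returns 0 if clean, 1 if unexpected permissive types exist, 2 on error.
audit_policy() {
    local policy="$1" out
    shift
    if ! out=$(seinfo --permissive --flat ${policy:+"$policy"}); then
        echo "seinfo could not load a policy" >&2
        return 2
    fi
    out=$(printf '%s\n' "$out" | unexpected_permissive "$@")
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out" | sed 's/^/unexpected permissive type: /' >&2
    return 1
}
```

For example, `audit_policy /path/to/policy.30 demo_app_t` (both arguments are placeholders) exits non-zero if any permissive type other than demo_app_t is present.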
AUTHOR
       Chris PeBenito <cpebenito@tresys.com>

BUGS
       Please report bugs via the SETools bug tracker,
       https://github.com/TresysTechnology/setools/issues

SEE ALSO
       apol(1), sediff(1), sedta(1), seinfoflow(1), sesearch(1)

Tresys Technology, LLC             2016-02-20                        seinfo(1)