sesearch(1)         SETools: SELinux Policy Analysis Tools         sesearch(1)

NAME

       sesearch - SELinux policy query tool

SYNOPSIS

       sesearch [OPTIONS] [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION

       sesearch allows the user to search the rules in a SELinux policy.

POLICY

       sesearch supports loading SELinux policies in one of two formats.

              source:
                     A single text file containing a monolithic policy source.
                     This file is usually named policy.conf.

              binary:
                     A single file containing a binary policy. This file is
                     usually named by version on Linux systems, for example,
                     policy.30. This file is usually named sepolicy on Android
                     systems.

       If no policy file is provided, sesearch will search for the policy
       running on the current system. If no policy can be found, sesearch will
       print an error message and exit.

EXPRESSIONS

       The user may specify an expression containing values for one or more
       fields in a rule. If no expression is specified or if none of the
       specified fields apply to a given rule type, all rules of that type are
       considered to match the expression.

   Type Enforcement Rule Types
       -A     Find allow and allowxperm rules.

       --allow
              Find allow rules.

       --auditallow
              Find auditallow rules.

       --dontaudit
              Find dontaudit rules.

       --neverallow
              Find neverallow rules.

       --allowxperm
              Find allowxperm rules.

       --auditallowxperm
              Find auditallowxperm rules.

       --dontauditxperm
              Find dontauditxperm rules.

       --neverallowxperm
              Find neverallowxperm rules.

       -T, --type_trans
              Find type_transition rules.

       --type_member
              Find type_member rules.

       --type_change
              Find type_change rules.

   RBAC Rule Types
       --role_allow
              Find role allow rules.

       --role_trans
              Find role_transition rules.

   MLS Rule Types
       --range_trans
              Find range_transition rules.

   Rule Fields
       -s NAME, --source NAME
              Find rules with NAME as their source type/role.

       -t NAME, --target NAME
              Find rules with NAME as their target type/role.

       -D NAME, --default NAME
              Find rules with NAME as their default type/role/level.

       -c NAME, --class NAME
              Find rules with NAME as their object class.

       -p P1[,P2,...], --perm P1[,P2,...]
              Find rules with at least one of the specified permissions.
              Multiple permissions may be specified as a comma-separated list.

       -b BOOL[,B2,...], --bool BOOL[,B2,...]
              Find conditional rules with the named Boolean in their
              conditional expression. Multiple Booleans may be specified as a
              comma-separated list. This option will include rules in both
              the true and false lists of the conditional.

   Search Options
       The following additional options modify how the search is performed.

       -ds    A matching rule must have the specified source
              attribute/type/role explicitly, instead of matching by attribute
              contents.

       -dt    A matching rule must have the specified target
              attribute/type/role explicitly, instead of matching by attribute
              contents.

       -eb    A matching rule must have all specified Booleans, instead of
              matching any of the specified Booleans.

       -ep    A matching rule must have all specified permissions, instead of
              matching any of the specified permissions.

       -rs    Use regular expression for matching the source type/role.

       -rt    Use regular expression for matching the target type/role.

       -rc    Use regular expression for matching the object class.

       -rd    Use regular expression for matching the default type/role.

       -rb    Use regular expression for matching Booleans.
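
The difference between the default matching of -s and -p and the -ds and -ep modifiers, as an added example: a simplified Python model, not SETools code. The policy, type and attribute names are constructed, and treating "matching by attribute contents" as an intersection of expanded type sets is an assumption.

```python
# Simplified model of sesearch's -s/-p matching and the -ds/-ep modifiers.
# Illustrative only: not SETools code. All names below are constructed.
from dataclasses import dataclass

# Constructed attribute membership: attribute name -> member types.
ATTRIBUTES = {
    "domain": {"httpd_t", "sshd_t", "init_t"},
    "daemon": {"httpd_t", "sshd_t"},
}

@dataclass(frozen=True)
class Rule:
    source: str          # a type or an attribute name
    target: str
    tclass: str
    perms: frozenset

# Constructed sample policy; every entry stands for an allow rule.
POLICY = [
    Rule("domain", "etc_t", "file", frozenset({"read", "getattr", "open"})),
    Rule("httpd_t", "httpd_log_t", "file", frozenset({"append", "open"})),
    Rule("daemon", "var_run_t", "file", frozenset({"read", "write", "open"})),
    Rule("sshd_t", "shadow_t", "file", frozenset({"read"})),
]

def expand(name):
    """Return the set of types a name stands for (itself if it is a type)."""
    return ATTRIBUTES.get(name, {name})

def search(policy, source=None, perms=None, direct_source=False, all_perms=False):
    """Return rules matching the criteria; unset criteria match every rule."""
    hits = []
    for rule in policy:
        if source is not None:
            if direct_source:                    # -ds: name must appear literally
                if rule.source != source:
                    continue
            elif not expand(source) & expand(rule.source):  # by attribute contents
                continue
        if perms is not None:
            wanted = set(perms)
            if all_perms:                        # -ep: every permission required
                if not wanted <= rule.perms:
                    continue
            elif not wanted & rule.perms:        # default: any one permission
                continue
        hits.append(rule)
    return hits
```

In this model a default source search for httpd_t also returns the rules written against domain and daemon, which is the view needed when auditing a type's effective access; the direct form returns only rules that name httpd_t itself.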

OPTIONS

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <cpebenito@tresys.com>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/TresysTechnology/setools/issues

SEE ALSO

       apol(1), sediff(1), sedta(1), seinfo(1), seinfoflow(1)

Tresys Technology, LLC            2016-04-19                       sesearch(1)