1sesearch(1) SETools: SELinux Policy Analysis Tools sesearch(1)
2
6 sesearch - SELinux policy query tool
7
10 sesearch [OPTIONS] [OPTIONS] [EXPRESSION] [POLICY]
11
14 sesearch allows the user to search the rules in a SELinux policy.
15
18 A single file containing a binary policy. This file is usually named by
19 version on Linux systems, for example, policy.30. This file is usually
20 named sepolicy on Android systems. If no policy file is provided,
21 sesearch will search for the policy running on the current system. If
22 no policy can be found, sesearch will print an error message and exit.
23
26 The user may specify an expression containing values for a given
27 field(s) in a rule. If no expression is specified or if none of the
28 specified fields apply to a given rule type, all rules of that type are
29 considered to match the expression.
30 Type Enforcement Rule Types
33 -A Find allow and allowxperm rules.
34 --allow
36 Find allow rules.
37 --auditallow
39 Find auditallow rules.
40 --dontaudit
42 Find dontaudit rules.
43 --neverallow
45 Find neverallow rules.
46 --allowxperm
48 Find allowxperm rules.
49 --auditallowxperm
51 Find auditallowxperm rules.
52 --dontauditxperm
54 Find dontauditxperm rules.
55 --neverallowxperm
57 Find neverallowxperm rules.
58 -T, --type_trans
60 Find type_transition rules.
61 --type_member
63 Find type_member rules.
64 --type_change
66 Find type_change rules.
67 RBAC Rule Types
70 --role_allow
71 Find role allow rules.
72 --role_trans
74 Find role_transition rules.
75 MLS Rule Types
78 --range_trans
79 Find range_transition rules.
80 Rule Fields
83 -s NAME, --source NAME
84 Find rules with NAME as their source type/role.
85 -t NAME, --target NAME
87 Find rules with NAME as their target type/role.
88 -D NAME, --default NAME
90 Find rules with NAME as their default type/role/level.
91 -c NAME, --class NAME
93 Find rules with NAME as their object class.
94 -p P1[,P2,...] --perm P1[,P2...]
96 Find rules with at least one of the specified permissions. Mul‐
97 tiple permissions may be specified as a comma-separated list.
98 -b BOOL[,B2,...], --bool BOOL[,B2,...]
100 Find conditional rules with the named Boolean in their condi‐
101 tional expression. Multiple Booleans may be specified as a
102 comma-separated list. This option will include rules in both
103 the true and false lists of the conditional.
104 Search Options
107 The following additional options modify how the search is performed.
108 -ds A matching rule must have the specified source
110 attribute/type/role explicitly, instead of matching by attribute
111 contents.
112 -dt A matching rule must have the specified target
114 attribute/type/role explicitly, instead of matching by attribute
115 contents.
116 -eb A matching rule must have all specified Booleans, instead of
118 matching any of the specified Boolean.
119 -ep A matching rule must have all specified permissions, instead of
121 matching any of the specified permission.
122 -rs Use regular expression for matching the source type/role.
124 -rt Use regular expression for matching the target type/role.
126 -rc Use regular expression for matching the object class.
128 -rd Use regular expression for matching the default type/role.
130 -rb Use regular expression for matching Booleans.
132
135 -h, --help
136 Print help information and exit.
137 --version
139 Print version information and exit.
140 -v, --verbose
142 Print additional informational messages.
143 --debug
145 Enable debugging output.
146
149 Chris PeBenito <pebenito@ieee.org>
150
153 Please report bugs via the SETools bug tracker,
154 https://github.com/SELinuxProject/setools/issues
155
158 apol(1), sediff(1), sedta(1), seinfo(1), seinfoflow(1)
159SELinux Project 2016-02-20 sesearch(1)