seinfoflow(1)       SETools: SELinux Policy Analysis Tools       seinfoflow(1)

NAME

       seinfoflow - Information flow analysis for SELinux policies

SYNOPSIS

       seinfoflow [OPTIONS] -m MAP -s SOURCE [-t TARGET (-S|-A LIMIT)]
       [EXCLUDE [EXCLUDE ...]]

DESCRIPTION

       seinfoflow is a command line tool that allows the user to perform
       information flow analyses on an SELinux policy.

POLICY

       A single file containing a binary policy. This file is usually named by
       version on Linux systems, for example, policy.30. This file is usually
       named sepolicy on Android systems. If no policy file is provided,
       seinfoflow will search for the policy running on the current system. If
       no policy can be found, seinfoflow will print an error message and
       exit.

OPTIONS

   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, seinfoflow
              will search for the policy running on the current system.

       -m MAP Specify the path to the permission map file to use in the
              information flow analysis.

       -s SOURCE
              Specify the source type to use in the information flow analysis.

       -t TARGET
              Specify the target type to use in the information flow analysis.
              Using this option will also require specifying an analysis
              algorithm.

   Analysis Algorithms
       seinfoflow uses graph algorithms to analyze the information flow paths
       of an SELinux policy. The following algorithms are options for
       determining paths from a source type to a target type.

       -S     Print the shortest information flow path(s) from the source type
              to the target type. If multiple paths have the same length, all
              will be displayed.

       -A LIMIT
              Print all information flow path(s) up to LIMIT steps long.
              Depending on the connectiveness of the policy, a limit of 5 or
              more may be extremely expensive.

   Analysis Options
       -w MIN_WEIGHT
              Specify the minimum permission weight to consider for the
              analysis (1-10). The default is 3.

       -l LIMIT_FLOWS
              Specify the maximum number of information flows to output. The
              default is unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

   General Options
       --stats
              Print information flow graph statistics at the end of the
              analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.
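An added example, not seinfoflow or SETools code, modelling what the Analysis Algorithms and Analysis Options above describe: a flow graph built from allow rules and a permission map, filtered by minimum weight and excluded types, then searched for shortest paths (-S) and for all paths up to a step limit (-A LIMIT). The type names, rules, map weights, function names and the direction convention in the comments are constructed assumptions.

```python
from collections import deque

# Constructed permission map: (class, perm) -> (direction, weight 1-10).
# Assumed directions: "r" flows target -> source, "w" flows source -> target.
PERM_MAP = {("file", "read"): ("r", 10), ("file", "write"): ("w", 10),
            ("file", "getattr"): ("r", 1)}

# Constructed allow rules: (source type, target type, class, permissions).
RULES = [
    ("web_t", "upload_t", "file", {"read", "getattr"}),
    ("web_t", "log_t", "file", {"write"}),
    ("admin_t", "log_t", "file", {"read"}),
    ("web_t", "cache_t", "file", {"write"}),
    ("backup_t", "cache_t", "file", {"read"}),
    ("backup_t", "archive_t", "file", {"write"}),
    ("admin_t", "archive_t", "file", {"read"}),
    ("admin_t", "upload_t", "file", {"getattr"}),
]

def build_graph(rules, perm_map, min_weight=3, exclude=()):
    """Directed flow graph; an edge needs a permission at or above min_weight."""
    graph = {}
    for src, tgt, cls, perms in rules:
        if src in exclude or tgt in exclude:
            continue
        for perm in perms:
            direction, weight = perm_map[(cls, perm)]
            if weight >= min_weight and direction in ("w", "b"):
                graph.setdefault(src, set()).add(tgt)
            if weight >= min_weight and direction in ("r", "b"):
                graph.setdefault(tgt, set()).add(src)
    return graph

def all_paths(graph, source, target, limit):
    """Every simple path of at most `limit` steps, shortest first (-A LIMIT)."""
    found, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            found.append(path)
        elif len(path) <= limit:  # the path has len(path) - 1 steps so far
            queue.extend(path + [n] for n in sorted(graph.get(path[-1], ()))
                         if n not in path)
    return found

def shortest_paths(graph, source, target):
    """All paths tied for the minimum length (-S); exhaustive, toy-sized only."""
    paths = all_paths(graph, source, target, len(graph) + 1)
    return [p for p in paths if len(p) == len(paths[0])] if paths else []
```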

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/SELinuxProject/setools/issues

SEE ALSO

       apol(1), sediff(1), sedta(1), seinfo(1), sesearch(1)

SELinux Project                   2016-02-20                     seinfoflow(1)