sedta(1)            SETools: SELinux Policy Analysis Tools            sedta(1)

NAME

       sedta - Domain transition analysis for SELinux policies

SYNOPSIS

       sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE
       ...]]

DESCRIPTION

       sedta is a command line tool that allows the user to perform domain
       transition analyses on an SELinux policy.

POLICY

       A single file containing a binary policy. This file is usually named by
       version on Linux systems, for example, policy.30. This file is usually
       named sepolicy on Android systems. If no policy file is provided, sedta
       will search for the policy running on the current system. If no policy
       can be found, sedta will print an error message and exit.

OPTIONS

   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, sedta will
              search for the policy running on the current system.

       -s SOURCE
              Specify the source type to use in the domain transition analysis.

       -t TARGET
              Specify the target type to use in the domain transition analysis.
              Using this option will also require specifying an analysis
              algorithm.

   Analysis Algorithms
       sedta uses graph algorithms to analyze the domain transition paths of
       an SELinux policy. The following algorithms are options for determining
       paths from a source type to a target type.

       -S     Print the shortest domain transition path(s) from the source
              type to the target type. If multiple paths have the same
              length, all will be displayed.

       -A LIMIT
              Print all domain transition path(s) up to LIMIT steps long.
              Depending on the connectivity of the policy, this may be
              extremely expensive.

   Analysis Options
       -r     Perform a reverse domain transition analysis. The domain
              transitions will be analyzed to find the parent domains, instead
              of finding the child domains.

       -l LIMIT_TRANS
              Specify the maximum number of domain transitions to output. The
              default is unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

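       The path options above (-S, -A LIMIT, -r and EXCLUDE), illustrated on a
       small constructed transition graph. This is an added example, not
       SETools code: the type names, the TRANSITIONS table and the helper
       functions are assumptions made for illustration, and paths are assumed
       to be loop-free.

```python
from collections import deque

# Constructed toy transition graph (parent domain -> child domains).
# The type names are illustrative and not taken from any real policy.
TRANSITIONS = {
    "init_t": ["sshd_t", "crond_t", "getty_t"],
    "sshd_t": ["user_t"],
    "crond_t": ["user_t", "system_cronjob_t"],
    "getty_t": ["local_login_t"],
    "local_login_t": ["user_t"],
    "user_t": ["passwd_t"],
}

def build_graph(transitions, exclude=(), reverse=False):
    """Drop excluded types (EXCLUDE) and optionally flip every edge (-r)."""
    graph = {}
    for parent, children in transitions.items():
        for child in children:
            if parent in exclude or child in exclude:
                continue
            src, dst = (child, parent) if reverse else (parent, child)
            graph.setdefault(src, []).append(dst)
    return graph

def all_paths(graph, source, target, limit):
    """Every loop-free path of at most `limit` transitions (like -A LIMIT)."""
    found, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        if path[-1] == target and len(path) > 1:
            found.append(path)
            continue
        if len(path) - 1 < limit:  # stop extending once LIMIT steps are used
            for nxt in graph.get(path[-1], []):
                if nxt not in path:  # never revisit a domain already on the path
                    queue.append(path + [nxt])
    return found

def shortest_paths(graph, source, target):
    """All paths of minimal length (like -S); ties are all returned."""
    # A loop-free path leaves each domain at most once, so it cannot be
    # longer than the number of domains that have outgoing transitions.
    for limit in range(1, len(graph) + 1):
        paths = all_paths(graph, source, target, limit)
        if paths:
            return paths
    return []
```

       The number of candidate paths grows quickly with LIMIT on a densely
       connected graph, which is why the all-paths search is the expensive one.
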
   General Options
       --stats
              Print domain transition graph statistics at the end of the
              analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/SELinuxProject/setools/issues

SEE ALSO

       apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)

SELinux Project                   2016-02-20                          sedta(1)