seinfo(1)           SETools: SELinux Policy Analysis Tools           seinfo(1)

NAME

       seinfo - SELinux policy information tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION

       seinfo allows the user to query the components of a SELinux policy.

POLICY

       A single file containing a binary policy. This file is usually named by
       version on Linux systems, for example, policy.30. This file is usually
       named sepolicy on Android systems. If no policy file is provided,
       seinfo will search for the policy running on the current system. If no
       policy can be found, seinfo will print an error message and exit.

EXPRESSIONS

       One or more of the following component types can be queried. If no
       expressions are provided, policy statistics will be printed.

       -a [ATTR], --attribute [ATTR]
              Print a list of type attributes or, if ATTR is provided, print
              the named attribute. With -x, print a list of types assigned to
              each displayed attribute.

       -b [BOOL], --bool [BOOL]
              Print a list of Booleans or, if BOOL is provided, print the
              named Boolean. With -x, print the statement of each displayed
              conditional Boolean.

       -c [CLASS], --class [CLASS]
              Print a list of object classes or, if CLASS is provided, print
              the named object class. With -x, print a list of permissions
              for each displayed object class.

       -r [ROLE], --role [ROLE]
              Print a list of roles or, if ROLE is provided, print the named
              role. With -x, print the statement for each displayed role.

       -t [TYPE], --type [TYPE]
              Print a list of types or, if TYPE is provided, print the named
              type. With -x, print a list of attributes which include each
              displayed type.

       -u [USER], --user [USER]
              Print a list of users or, if USER is provided, print the named
              user. With -x, print the statement for each displayed user.

       --category [CAT]
              Print a list of categories or, if CAT is provided, print the
              named category. With -x, print a list of sensitivities with
              which each displayed category may be associated.

       --common [COMMON]
              Print a list of common permission sets or, if COMMON is
              provided, print the named common. With -x, print a list of
              permissions in the set.

       --constrain [CLASS]
              Print a list of constraint and MLS constraint statements or,
              if CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --default [CLASS]
              Print a list of default_* statements or, if CLASS is provided,
              print all default_* statements for the named object class.
              There is no expanded information for this component.

       --fs_use [FS_TYPE]
              Print a list of fs_use_* statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --genfscon [FS_TYPE]
              Print a list of genfscon statements or, if FS_TYPE is provided,
              print the statement for the named filesystem type. There is no
              expanded information for this component.

       --ibpkeycon [PKEY[-PKEY]]
              Print a list of InfiniBand partition key contexts.

       --ibendportcon [NAME]
              Print a list of InfiniBand endport contexts.

       --initialsid [NAME]
              Print a list of initial SIDs or, if NAME is provided, print the
              named initial SID. With -x, print the context assigned to each
              displayed SID.

       --netifcon [DEVICE]
              Print a list of netif contexts or, if DEVICE is provided, print
              the named statement for the interface. There is no expanded
              information for this component.

       --nodecon [ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              statement for the node with that address. There is no expanded
              information for this component.

       --permissive [TYPE]
              Print permissive types or, if TYPE is specified, print the
              statement for the named type if it is permissive. There is no
              expanded information for this component.

       --polcap [NAME]
              Print policy capabilities or, if NAME is specified, print the
              named capability, if enabled. With -x, print the statement.

       --portcon [PORTNUM[-PORTNUM]]
              Print a list of port contexts or, if PORTNUM or a PORTNUM range
              is provided, print the statement for the port/port range. There
              is no expanded information for this component.

       --sensitivity [SENS]
              Print a list of sensitivities or, if SENS is provided, print the
              named sensitivity. With -x, print the statement for each
              sensitivity.

       --typebounds [BOUND_TYPE]
              Print a list of typebounds statements or, if BOUND_TYPE is
              provided, print the statement for the named bound type. There is
              no expanded information for this component.

       --validatetrans [CLASS]
              Print a list of validatetrans and MLS validatetrans rules or, if
              CLASS is provided, print all constraints for the named object
              class. There is no expanded information for this component.

       --all  Print all components.


       Xen Component Queries:

       --ioportcon
              Print all ioportcon statements.

       --iomemcon
              Print all iomemcon statements.

       --pcidevicecon
              Print all pcidevicecon statements.

       --pirqcon
              Print all pirqcon statements.

       --devicetreecon
              Print all devicetreecon statements.

OPTIONS

       -x, --expand
              Print additional details for each component matching the
              expression. See the description of each component for the
              details this option will provide.

       --flat Exclude headers and indentation in output.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

EXAMPLE

       List aliases of and attributes assigned to type httpd_t
       # seinfo -t httpd_t -x
       List all executable types (all types assigned to "exec_type" attribute)
       # seinfo -a exec_type -x
       List all constrains and mlsconstrains for class "file"
       # seinfo --constrain file
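       A policy review check built on --permissive and --flat, as an added
       example that is not part of the seinfo manual: a permissive type logs
       denials without enforcing them, so the script reports every permissive
       type that is absent from a reviewed allow-list. The allow-list file,
       the function names and the sample listing are assumptions constructed
       for illustration.

```shell
#!/bin/sh
# Added example (not part of the seinfo manual): flag permissive types that
# are not on a reviewed allow-list. The allow-list path and function names
# are assumptions made for this sketch.

# Constructed sample of default (non --flat) `seinfo --permissive` output.
sample_listing() {
    printf '\nPermissive Types: 2\n   httpd_t\n   lab_test_t\n'
}

# stdin: seinfo --permissive output; $1: allow-list, one type per line.
# Prints each permissive type that the allow-list does not name.
find_unapproved_permissive() {
    # Strip indentation, blank lines and the header so that both the
    # default and the --flat layout are accepted.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' -e '/^Permissive Types:/d' |
    sort -u |
    while IFS= read -r ptype; do
        # -x -F: whole-line literal match. An unreadable allow-list
        # approves nothing, so the check fails closed.
        grep -qxF -- "$ptype" "$1" 2>/dev/null || printf '%s\n' "$ptype"
    done
}

# $1: allow-list; $2: optional binary policy (default: running policy).
# Returns 0 if clean, 1 if unapproved types exist, 2 if seinfo failed.
audit_permissive() {
    # --flat stays between --permissive and the policy path so the path
    # cannot be parsed as the optional TYPE argument of --permissive.
    if ! listing=$(seinfo --permissive --flat ${2:+"$2"}); then
        echo "seinfo failed; policy not audited" >&2
        return 2
    fi
    unapproved=$(printf '%s\n' "$listing" | find_unapproved_permissive "$1")
    if [ -n "$unapproved" ]; then
        printf '%s\n' "$unapproved" | sed 's/^/unapproved permissive type: /' >&2
        return 1
    fi
    return 0
}

# Run as: sh audit_permissive.sh ALLOWLIST [POLICY]
if [ "$#" -gt 0 ]; then
    audit_permissive "$@"
fi
```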

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/SELinuxProject/setools/issues
SEE ALSO

       apol(1), sediff(1), sedta(1), seinfoflow(1), sesearch(1)

SELinux Project                   2016-02-20                         seinfo(1)