sedta - Domain transition analysis for SELinux policies
sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)]
[EXCLUDE [EXCLUDE ...]]
sedta is a command line tool that allows the user to
perform domain transition analyses on an SELinux policy.
A single file containing a binary policy. This file is usually
named by version on Linux systems, for example, policy.30. This file
is usually named sepolicy on Android systems. If no policy file is
provided, sedta will search for the policy running on the current
system. If no policy can be found, sedta will print an error message
and exit.
- -p POLICY
- Specify the policy to analyze. If none is specified, sedta will
search for the policy running on the current system.
- -s SOURCE
- Specify the source type to use in the domain transition analysis.
- -t TARGET
- Specify the target type to use in the domain transition analysis. Using
this option will also require specifying an analysis algorithm.
sedta uses graph algorithms to analyze the domain
transition paths of an SELinux policy. The following algorithms are options
for determining paths from a source type to a target type.
- -S
- Print the shortest domain transition path(s) from the source type to the
target type. If multiple paths have the same length, all will be
displayed.
- -A LIMIT
- Print all domain transition path(s) up to LIMIT steps long. Depending on
the connectiveness of the policy, this may be extremely expensive.
- -r
- Perform a reverse domain transition analysis. The domain transitions will
be analyzed to find the the parent domains, instead of finding the child
domains.
- -l LIMIT_TRANS
- Specify the maximum number of domain transitions to output. The default is
unlimited.
- EXCLUDE
- A space-separated list of types to exclude from the analysis.
- --stats
- Print domain transition graph statistics at the end of the analysis.
- -h, --help
- Print help information and exit.
- --version
- Print version information and exit.
- -v, --verbose
- Print additional informational messages.
- --debug
- Enable debugging output.
Chris PeBenito <pebenito@ieee.org>
Please report bugs via the SETools bug tracker,
https://github.com/SELinuxProject/setools/issues