Provided by: setools_4.1.1-3_amd64 bug

NAME
       sedta - Domain transition analysis for SELinux policies


SYNOPSIS
       sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]


DESCRIPTION
       sedta is a command line tool that allows the user to perform domain transition analyses on
       an SELinux policy.


POLICY
       sedta supports loading SELinux policies in one of two formats.

              source:
                     A single text file containing a  monolithic  policy  source.  This  file  is
                     usually named policy.conf.

              binary:
                     A  single  file  containing  a  binary policy. This file is usually named by
                     version on Linux systems, for example, policy.30. This file is usually named
                     sepolicy on Android systems.

       If  no  policy  file  is provided, sedta will search for the policy running on the current
       system. If no policy can be found, sedta will print an error message and exit.


OPTIONS
   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified,  sedta  will  search  for  the
              policy running on the current system.

       -s SOURCE
              Specify the source type to use in the domain transition analysis.

       -t TARGET
              Specify the target type to use in the domain transition analysis. Using this option
              will also require specifying an analysis algorithm.

   Analysis Algorithms
       sedta uses graph algorithms to analyze the domain transition paths of an  SELinux  policy.
       The  following algorithms are options for determining paths from a source type to a target
       type.

       -S     Print the shortest domain transition path(s) from the source  type  to  the  target
              type.  If multiple paths have the same length, all will be displayed.

       -A LIMIT
              Print  all  domain  transition  path(s)  up  to LIMIT steps long.  Depending on the
              connectiveness of the policy, this may be extremely expensive.

   Analysis Options
       -r     Perform a reverse domain transition  analysis.   The  domain  transitions  will  be
              analyzed to find the the parent domains, instead of finding the child domains.

       -l LIMIT_TRANS
              Specify  the  maximum  number  of  domain  transitions  to  output.  The default is
              unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

   General Options
       --stats
              Print domain transition graph statistics at the end of the analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.


AUTHOR
       Chris PeBenito <cpebenito@tresys.com>


BUGS
       Please       report       bugs       via       the       SETools       bug        tracker,
       https://github.com/TresysTechnology/setools/issues


SEE ALSO
       apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)