Provided by: setools_4.1.1-3_amd64 bug

NAME
       seinfoflow - Information flow analysis for SELinux policies


SYNOPSIS
       seinfoflow [OPTIONS] -m MAP -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]


DESCRIPTION
       seinfoflow  is  a  command  line  tool  that  allows  the user to perform information flow
       analyses on an SELinux policy.


POLICY
       seinfoflow supports loading SELinux policies in one of two formats.

              source:
                     A single text file containing a  monolithic  policy  source.  This  file  is
                     usually named policy.conf.

              binary:
                     A  single  file  containing  a  binary policy. This file is usually named by
                     version on Linux systems, for example, policy.30. This file is usually named
                     sepolicy on Android systems.

       If  no  policy  file  is  provided,  seinfoflow  will search for the policy running on the
       current system. If no policy can be found, seinfoflow will  print  an  error  message  and
       exit.


OPTIONS
   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, seinfoflow will search for the
              policy running on the current system.

       -m MAP Specify the path to the  permission  map  file  to  use  in  the  information  flow
              analysis.

       -s SOURCE
              Specify the source type to use in the information flow analysis.

       -t TARGET
              Specify  the target type to use in the information flow analysis. Using this option
              will also require specifying an analysis algorithm.

   Analysis Algorithms
       seinfoflow uses graph algorithms to analyze the  information  flow  paths  of  an  SELinux
       policy.   The following algorithms are options for determining paths from a source type to
       a target type.

       -S     Print the shortest information flow path(s) from the  source  type  to  the  target
              type.  If multiple paths have the same length, all will be displayed.

       -A LIMIT
              Print  all  information  flow  path(s)  up  to  LIMIT steps long.  Depending on the
              connectiveness of the policy, a limit of 5 or more may be extremely expensive.

   Analysis Options
       -w MIN_WEIGHT
              Specify the minimum permission weight to consider  for  the  analysis  (1-10).  The
              default is 3.

       -l LIMIT_FLOWS
              Specify  the  maximum  number  of  information  flows  to  output.  The  default is
              unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

   General Options
       --stats
              Print information flow graph statistics at the end of the analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.


AUTHOR
       Chris PeBenito <cpebenito@tresys.com>


BUGS
       Please       report       bugs       via       the       SETools       bug        tracker,
       https://github.com/TresysTechnology/setools/issues


SEE ALSO
       apol(1), sediff(1), sedta(1), seinfo(1), sesearch(1)