NAME

       seinfo - SELinux policy information tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION

       seinfo allows the user to query the components of a SELinux policy.

POLICY

       A  single  file  containing  a binary policy. This file is usually named by version on Linux systems, for
       example, policy.30. This file is usually named sepolicy  on  Android  systems.   If  no  policy  file  is
       provided,  seinfo  will  search  for the policy running on the current system. If no policy can be found,
       seinfo will print an error message and exit.

EXPRESSIONS

       One or more of the following component types can be queried.  If  no  expressions  are  provided,  policy
       statistics will be printed.

       -a [ATTR], --attribute [ATTR]
              Print  a  list  of  type  attributes or, if ATTR is provided, print the named attribute.  With -x,
              print a list of types assigned to each displayed attribute.

       -b [BOOL], --bool [BOOL]
              Print a list of Booleans or, if BOOL is provided, print the named boolean.   With  -x,  print  the
              statement of each displayed conditional boolean.

       -c [CLASS], --class [CLASS]
              Print  a  list of object classes or, if CLASS is provided, print the named object class.  With -x,
              print a list of permissions for each displayed object class.

       -r [ROLE], --role [ROLE]
              Print a list of roles or, if NAME is provided, print the named role.  With -x, print the statement
              for each displayed role.

       -t [TYPE], --type [TYPE]
              Print  a  list  of  types or, if TYPE is provided, print the named type.  With -x, print a list of
              attributes which include each displayed type.

       -u [USER], --user [USER]
              Print a list of users or, if USER is provided, print the named user.  With -x,  print  a  list  of
              statement for each displayed user.

       --category [CAT]
              Print  a  list  of  categories or, if CAT is provided, print the named category.  With -x, print a
              list of sensitivities with which each displayed category may be associated.

       --common [COMMON]
              Print a list of common permission sets or, if COMMON is provided, print the  named  common.   With
              -x, print a list of permissions in the set.

       --constrain [CLASS]
              Print  a  list  of  constraints and MLS constraints statements or, if CLASS is provided, print all
              constraints for the named object class.  There is no expanded information for this component.

       --default [CLASS]
              Print a list of default_* statements or, if CLASS is provided, print all default_* statements  for
              the named object class.  There is no expanded information for this component.

       --fs_use [FS_TYPE]
              Print  a list of fs_use_* statements or, if FS_TYPE is provided, print the statement for the named
              filesystem type.  There is no expanded information for this component.

       --genfscon [FS_TYPE]
              Print a list of genfscon statements or, if FS_TYPE is provided, print the statement for the  named
              filesystem type.  There is no expanded information for this component.

       --initialsid [NAME]
              Print a list of initial SIDs or, if NAME is provided, print the named initial SID.  With -x, print
              the context assigned to each displayed SID.

       --netifcon [DEVICE]
              Print a list of netif contexts or, if DEVICE is  provided,  print  the  named  statement  for  the
              interface.  There is no expanded information for this component.

       --nodecon [ADDR]
              Print a list of node contexts or, if ADDR is provided, print the named statement for the node with
              address.  There is no expanded information for this component.

       --permissive [TYPE]
              Print permissive types or, if TYPE is specified, print the named statement if  it  is  permissive.
              There is no expanded information for this component.

       --polcap [NAME]
              Print  policy capabilities or, if NAME is specified, print the named capability, if enabled.  With
              -x, print the statement.

       --portcon [PORTNUM[-PORTNUM]]
              Print a list of port contexts or, if PORT or PORT range is provided, print the named statement for
              the port/port range.  There is no expanded information for this component.

       --sensitivity [SENS]
              Print  a  list  of  sensitivities  or, if SENS is provided, print the named sensitivity.  With -x,
              print the statement for each sensitivity.

       --typebounds [BOUND_TYPE]
              Print a list of typebounds statements or, if BOUND_TYPE is provided, print the statement  for  the
              named bound type.  There is no expanded information for this component.

       --validatetrans [CLASS]
              Print  a  list  of  validatetrans  and MLS validatetrans rules or, if CLASS is provided, print all
              constraints for the named object class.  There is no expanded information for this component.

       --all  Print all components.

OPTIONS

       -x, --expand
              Print additional details for each component matching the expression.  See the description of  each
              component for the details this option will provide.

       --flat Exclude headers and indentation in output.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues

SEE ALSO

       apol(1), sediff(1), sedta(1), seinfoflow(1), sesearch(1)