Ubuntu Manpage: sesearch - SELinux policy query tool

Provided by: setools_4.2.2-1ubuntu2_amd64

NAME

       sesearch - SELinux policy query tool

SYNOPSIS

       sesearch [OPTIONS] [OPTIONS] [EXPRESSION] [POLICY]

DESCRIPTION

       sesearch allows the user to search the rules in a SELinux policy.

POLICY

       A  single  file  containing  a binary policy. This file is usually named by version on Linux systems, for
       example, policy.30. This file is usually named sepolicy  on  Android  systems.   If  no  policy  file  is
       provided,  sesearch  will search for the policy running on the current system. If no policy can be found,
       sesearch will print an error message and exit.

EXPRESSIONS

The user may specify an expression containing values for a given field(s) in a rule. If no expression is
specified or if none of the specified fields apply to a given rule type, all rules of that type are
considered to match the expression.

Type Enforcement Rule Types
-A Find allow and allowxperm rules.

--allow
Find allow rules.

--auditallow
Find auditallow rules.

--dontaudit
Find dontaudit rules.

--neverallow
Find neverallow rules.

--allowxperm
Find allowxperm rules.

--auditallowxperm
Find auditallowxperm rules.

--dontauditxperm
Find dontauditxperm rules.

--neverallowxperm
Find neverallowxperm rules.

-T, --type_trans
Find type_transition rules.

--type_member
Find type_member rules.

--type_change
Find type_change rules.

RBAC Rule Types
--role_allow
Find role allow rules.

--role_trans
Find role_transition rules.

MLS Rule Types
--range_trans
Find range_transition rules.

Rule Fields
-s NAME, --source NAME
Find rules with NAME as their source type/role.

-t NAME, --target NAME
Find rules with NAME as their target type/role.

-D NAME, --default NAME
Find rules with NAME as their default type/role/level.

-c NAME, --class NAME
Find rules with NAME as their object class.

-p P1[,P2,...] --perm P1[,P2...]
Find rules with at least one of the specified permissions. Multiple permissions may be specified
as a comma-separated list.

-b BOOL[,B2,...], --bool BOOL[,B2,...]
Find conditional rules with the named Boolean in their conditional expression. Multiple Booleans
may be specified as a comma-separated list. This option will include rules in both the true and
false lists of the conditional.

Search Options
The following additional options modify how the search is performed.

-ds A matching rule must have the specified source attribute/type/role explicitly, instead of matching
by attribute contents.

-dt A matching rule must have the specified target attribute/type/role explicitly, instead of matching
by attribute contents.

-eb A matching rule must have all specified Booleans, instead of matching any of the specified
Boolean.

-ep A matching rule must have all specified permissions, instead of matching any of the specified
permission.

-rs Use regular expression for matching the source type/role.

-rt Use regular expression for matching the target type/role.

-rc Use regular expression for matching the object class.

-rd Use regular expression for matching the default type/role.

-rb Use regular expression for matching Booleans.

OPTIONS

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues