Provided by: setools_4.4.0-1build1_amd64

NAME

       seinfoflow - Information flow analysis for SELinux policies

SYNOPSIS

       seinfoflow [OPTIONS] -m MAP -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]

DESCRIPTION

       seinfoflow is a command line tool that allows the user to perform information flow analyses on an SELinux
       policy.

POLICY

       A single file containing a binary policy. This file is usually named by version on Linux systems, for
       example, policy.30. This file is usually named sepolicy on Android systems. If no policy file is
       provided, seinfoflow will search for the policy running on the current system. If no policy can be found,
       seinfoflow will print an error message and exit.

PERMISSION MAP

       A file containing mappings of object permissions for object classes. These mappings are the basis for
       computing the information flow between types. On Debian, a standard permission map can be found at
       /var/lib/sepolgen/perm_map when the package python3-sepolgen is installed.

OPTIONS

   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, seinfoflow will search for the policy running
              on the current system.

       -m MAP Specify the path to the permission map file to use in the information flow analysis.

       -s SOURCE
              Specify the source type to use in the information flow analysis.

       -t TARGET
              Specify the target type to use in the information flow analysis. Using this option will also
              require specifying an analysis algorithm.

   Analysis Algorithms
       seinfoflow uses graph algorithms to analyze the information flow paths of an SELinux policy. The
       following algorithms are options for determining paths from a source type to a target type.

       -S     Print the shortest information flow path(s) from the source type to the target type. If multiple
              paths have the same length, all will be displayed.

       -A LIMIT
              Print all information flow path(s) up to LIMIT steps long. Depending on the connectivity of the
              policy, a limit of 5 or more may be extremely expensive.

   Analysis Options
       -w MIN_WEIGHT
              Specify the minimum permission weight to consider for the analysis (1-10). The default is 3.

       -l LIMIT_FLOWS
              Specify the maximum number of information flows to output. The default is unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

   General Options
       --stats
              Print information flow graph statistics at the end of the analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues

SEE ALSO

       apol(1), sediff(1), sedta(1), seinfo(1), sesearch(1)