Provided by: setools_4.4.3-1_amd64

NAME

       sedta - Domain transition analysis for SELinux policies

SYNOPSIS

       sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]

DESCRIPTION

       sedta is a command line tool that allows the user to perform domain transition analyses on
       an SELinux policy.

POLICY

       A single file containing a binary policy. This file is usually named by version on Linux
       systems, for example, policy.30. This file is usually named sepolicy on Android systems.
       If no policy file is provided, sedta will search for the policy running on the current
       system. If no policy can be found, sedta will print an error message and exit.

OPTIONS

   Analysis Settings
       -p POLICY
              Specify the policy to analyze. If none is specified, sedta will search for the
              policy running on the current system.

       -s SOURCE
              Specify the source type to use in the domain transition analysis.

       -t TARGET
              Specify the target type to use in the domain transition analysis. Using this option
              will also require specifying an analysis algorithm.

   Analysis Algorithms
       sedta uses graph algorithms to analyze the domain transition paths of an SELinux policy.
       The following algorithms are options for determining paths from a source type to a target
       type.

       -S     Print the shortest domain transition path(s) from the source type to the target
              type. If multiple paths have the same length, all will be displayed.

       -A LIMIT
              Print all domain transition path(s) up to LIMIT steps long. Depending on the
              connectivity of the policy, this may be extremely expensive.

   Analysis Options
       -r     Perform a reverse domain transition analysis. The domain transitions will be
              analyzed to find the parent domains, instead of finding the child domains.

       -l LIMIT_TRANS
              Specify the maximum number of domain transitions to output. The default is
              unlimited.

       EXCLUDE
              A space-separated list of types to exclude from the analysis.

   General Options
       --full Print rule lists for transitions.

       --stats
              Print domain transition graph statistics at the end of the analysis.

       -h, --help
              Print help information and exit.

       --version
              Print version information and exit.

       -v, --verbose
              Print additional informational messages.

       --debug
              Enable debugging output.

EXAMPLE

       Show the shortest transition paths from httpd_t to unconfined_t, excluding
       container_runtime_t from the analysis:
       # sedta -s httpd_t -t unconfined_t -S container_runtime_t

       List all domain transition paths up to 3 steps long from init_t to smbd_t:
       # sedta -s init_t -t smbd_t -A 3
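
       The path searches described under Analysis Algorithms and Analysis Options, as an added
       Python example that is not part of this manual page or of the SETools code: it runs the
       shortest-path (-S), bounded all-paths (-A LIMIT), reverse (-r) and EXCLUDE behaviours
       over a small constructed transition graph. The edges and the function names build,
       shortest_paths and all_paths are assumptions made for illustration.

```python
from collections import deque

# Constructed domain-transition edges (parent -> children); not from a real policy.
EDGES = {
    "init_t": ["httpd_t", "sshd_t", "container_runtime_t"],
    "httpd_t": ["httpd_script_t", "container_runtime_t"],
    "httpd_script_t": ["unconfined_t"],
    "container_runtime_t": ["unconfined_t"],
    "sshd_t": ["unconfined_t"],
    "unconfined_t": [],
}

def build(edges, exclude=(), reverse=False):
    """Drop excluded types (like EXCLUDE) and optionally flip edges (like -r)."""
    graph = {t: [] for t in edges if t not in exclude}
    for src, dsts in edges.items():
        for dst in dsts:
            if src in graph and dst in graph:
                a, b = (dst, src) if reverse else (src, dst)
                graph[a].append(b)
    return graph

def shortest_paths(graph, source, target):
    """All equal-length shortest paths, in the way -S is described."""
    dist, parents, queue = {source: 0}, {source: []}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in dist:  # first visit fixes the shortest distance
                dist[nxt], parents[nxt] = dist[node] + 1, [node]
                queue.append(nxt)
            elif dist[nxt] == dist[node] + 1:  # another equally short way in
                parents[nxt].append(node)
    def unwind(node):
        if node == source:
            return [[source]]
        return [p + [node] for par in parents.get(node, []) for p in unwind(par)]
    return sorted(unwind(target)) if target in dist else []

def all_paths(graph, source, target, limit):
    """All simple paths of at most `limit` transitions, as -A LIMIT is described."""
    found, stack = [], [[source]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            found.append(path)
        elif len(path) - 1 < limit:  # only extend while under the step limit
            stack.extend(path + [n] for n in graph.get(path[-1], []) if n not in path)
    return sorted(found)
```

       The bounded search enumerates every simple path, which is why the cost of -A grows
       quickly with LIMIT on a densely connected policy.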

AUTHOR

       Chris PeBenito <pebenito@ieee.org>

BUGS

       Please report bugs via the SETools bug tracker,
       https://github.com/SELinuxProject/setools/issues

SEE ALSO

       apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)