sedta - Domain transition analysis for SELinux policies
sedta [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]
sedta is a command line tool that allows the user to perform domain
transition analyses on an SELinux policy.
A single file containing a binary policy. This file is usually named by version
on Linux systems, for example, policy.30. This file is usually named sepolicy
on Android systems. If no policy file is provided, sedta will search for the
policy running on the current system. If no policy can be found, sedta will
print an error message and exit.
- -p POLICY
- Specify the policy to analyze. If none is specified,
sedta will search for the policy running on the current
system.
- -s SOURCE
- Specify the source type to use in the domain transition
analysis.
- -t TARGET
- Specify the target type to use in the domain transition
analysis. Using this option will also require specifying an analysis
algorithm.
sedta uses graph algorithms to analyze the domain transition paths of an
SELinux policy. The following algorithms are options for determining paths
from a source type to a target type.
- -S
- Print the shortest domain transition path(s) from the
source type to the target type. If multiple paths have the same length,
all will be displayed.
- -A LIMIT
- Print all domain transition path(s) up to LIMIT steps long.
Depending on the connectiveness of the policy, this may be extremely
expensive.
- -r
- Perform a reverse domain transition analysis. The domain
transitions will be analyzed to find the parent domains, instead of
finding the child domains.
- -l LIMIT_TRANS
- Specify the maximum number of domain transitions to output.
The default is unlimited.
- EXCLUDE
- A space-separated list of types to exclude from the
analysis.
- --stats
- Print domain transition graph statistics at the end of the
analysis.
- -h, --help
- Print help information and exit.
- --version
- Print version information and exit.
- -v, --verbose
- Print additional informational messages.
- --debug
- Enable debugging output.
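The path searches described above (-S, -A LIMIT, -r and EXCLUDE), sketched over a small hand-built transition graph. This is an added example, not code from sedta or SETools; the type names and edges are constructed, and modelling -r by flipping every edge is an assumption of the sketch rather than a statement about how sedta implements it.

```python
# Constructed domain transition edges (parent -> child); not taken from a real policy.
EDGES = {
    "init_t": ["sshd_t", "httpd_t", "crond_t"],
    "sshd_t": ["user_t"],
    "crond_t": ["user_t", "system_mail_t"],
    "httpd_t": ["httpd_sys_script_t"],
    "httpd_sys_script_t": ["system_mail_t"],
    "user_t": ["system_mail_t"],
}

def _graph(exclude=(), reverse=False):
    """Build adjacency sets, dropping excluded types; flip edges for a reverse analysis."""
    g = {}
    for src, dsts in EDGES.items():
        for dst in dsts:
            if src in exclude or dst in exclude:
                continue  # an excluded type removes every transition through it
            a, b = (dst, src) if reverse else (src, dst)
            g.setdefault(a, set()).add(b)
    return g

def all_paths(source, target, limit, exclude=(), reverse=False):
    """Like -A LIMIT: every loop-free path of at most `limit` transitions."""
    g, found = _graph(exclude, reverse), []
    stack = [[source]]
    while stack:
        path = stack.pop()
        if path[-1] == target and len(path) > 1:
            found.append(path)
            continue
        if len(path) - 1 < limit:  # cost grows quickly with LIMIT on dense graphs
            stack.extend(path + [n] for n in g.get(path[-1], ()) if n not in path)
    return sorted(found, key=lambda p: (len(p), p))

def shortest_paths(source, target, exclude=(), reverse=False):
    """Like -S: all paths that tie for the minimum number of transitions."""
    for limit in range(1, len(EDGES) + 2):  # deepen until the first hit
        hits = all_paths(source, target, limit, exclude, reverse)
        if hits:
            return [p for p in hits if len(p) == len(hits[0])]
    return []

if __name__ == "__main__":
    print(shortest_paths("init_t", "system_mail_t"))
    print(shortest_paths("init_t", "system_mail_t", exclude=("crond_t",)))
    print(all_paths("system_mail_t", "init_t", 3, reverse=True))
```

Excluding crond_t removes the two-step path and leaves two three-step paths tied for shortest, which is why -S can print more than one result.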
Chris PeBenito <[email protected]>
Please report bugs via the SETools bug tracker,
https://github.com/SELinuxProject/setools/issues
apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)