seexport_graph - Man Page

SELinux policy graph export tool

Synopsis

seexport_graph [-h] [-c TCLASS] [-p PERMS] [-a ATTR] [-b BOOL] [-ea]
               [-fb [FILTER_BOOLS]] [-fa ATTR]
               package [policy]

Description

Exports part of given SELinux policy (concerning selected package) to a graphml file. This file can than be visualized (e.g. using Gephi - gephi.org)

Options

Positional arguments

package

Policy concerning this package will be exported

policy

Path to the SELinux policy to be used.

Optional arguments

-h, ā€‰--help

show this help message and exit

Rule search (similar to sesearch)

-c TCLASS, --class TCLASS

Comma separated list of object classes

-p PERMS, --perms PERMS

Comma separated list of permissions.

-a ATTR, --attr ATTR

Comma separated list of attributes.

-b BOOL, --bool BOOL

Comma separated list of Booleans in the conditional expression.

-ea

Expand rules ending in attribute (to all types that have given attribute)

Filtering

-fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]

Filter rules based on current boolean setting or comma separated list of [boolean]:[on/off]

-fa ATTR, --filter_attrs ATTR

Filter out rules allowed for specified attributes. ATTR is comma separated list of attributes.

Example

Export policy concerning bluetooth daemon (only access to files, boolean settings is taken into account):

      $ seexport_graph bluetooth -fb -c file,process

See Also

seextract_cil(1)

Bugs

domain_groups_cil.conf has to be kept up to date using seextract_cil command. Only packages present there can be exported.

Author

Vit Mojzis <vmojzis@redhat.com>

Referenced By

seextract_cil(1), sevisual_query(1).

2017-02-09 SELinux Policy Analysis Tool