setools/man/sedta.1

.\" Copyright (c) 2016 Tresys Technology, LLC.  All rights reserved.
.TH sedta 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools"

.SH NAME
sedta \- Domain transition analysis for SELinux policies

.SH SYNOPSIS
\fBsedta\fR [OPTIONS] -s SOURCE [-t TARGET (-S|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]

.SH DESCRIPTION
.PP
\fBsedta\fR is a command line tool that allows the user to perform domain transition analyses
on an SELinux policy.

.SH POLICY
.PP
A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems.
If no policy file is provided, \fBsedta\fR will search for the policy running on the current
system. If no policy can be found, \fBsedta\fR will print an error message and exit.

.SH OPTIONS
.SS Analysis Settings
.IP "-p POLICY"
Specify the policy to analyze. If none is specified, \fBsedta\fR will search for the policy
running on the current system.
.IP "-s SOURCE"
Specify the source type to use in the domain transition analysis.
.IP "-t TARGET"
Specify the target type to use in the domain transition analysis. Using this option will also
require specifying an analysis algorithm.

.SS Analysis Algorithms
\fBsedta\fR uses graph algorithms to analyze the domain transition paths of an SELinux policy.
The following algorithms are options for determining paths from a source type to a target type.
.IP "-S"
Print the shortest domain transition path(s) from the source type to the target type.  If multiple
paths have the same length, all will be displayed.
.IP "-A LIMIT"
Print all domain transition path(s) up to LIMIT steps long.  Depending on the connectiveness of
the policy, this may be extremely expensive.

.SS Analysis Options
.IP -r
Perform a reverse domain transition analysis.  The domain transitions will be analyzed to find the
the parent domains, instead of finding the child domains.
.IP "-l LIMIT_TRANS"
Specify the maximum number of domain transitions to output. The default is unlimited.
.IP EXCLUDE
A space-separated list of types to exclude from the analysis.

.SS General Options
.IP "--stats"
Print domain transition graph statistics at the end of the analysis.
.IP "-h, --help"
Print help information and exit.
.IP "--version"
Print version information and exit.
.IP "-v, --verbose"
Print additional informational messages.
.IP "--debug"
Enable debugging output.

.SH AUTHOR
Chris PeBenito <pebenito@ieee.org>

.SH BUGS
Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues

.SH SEE ALSO
apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)
Add man pages. Closes #95 2016-02-21 21:27:44 +00:00			`.\" Copyright (c) 2016 Tresys Technology, LLC. All rights reserved.`
Update old documentation references. Closes #12 2018-11-12 16:36:21 +00:00			`.TH sedta 1 2016-02-20 "SELinux Project" "SETools: SELinux Policy Analysis Tools"`
Add man pages. Closes #95 2016-02-21 21:27:44 +00:00
			`.SH NAME`
			`sedta \- Domain transition analysis for SELinux policies`

			`.SH SYNOPSIS`
			`\fBsedta\fR [OPTIONS] -s SOURCE [-t TARGET (-S\|-A LIMIT)] [EXCLUDE [EXCLUDE ...]]`

			`.SH DESCRIPTION`
			`.PP`
			`\fBsedta\fR is a command line tool that allows the user to perform domain transition analyses`
			`on an SELinux policy.`

			`.SH POLICY`
			`.PP`
			`A single file containing a binary policy. This file is usually named by version on Linux systems, for example, \fIpolicy.30\fR. This file is usually named \fIsepolicy\fR on Android systems.`
			`If no policy file is provided, \fBsedta\fR will search for the policy running on the current`
			`system. If no policy can be found, \fBsedta\fR will print an error message and exit.`

			`.SH OPTIONS`
			`.SS Analysis Settings`
			`.IP "-p POLICY"`
			`Specify the policy to analyze. If none is specified, \fBsedta\fR will search for the policy`
			`running on the current system.`
			`.IP "-s SOURCE"`
			`Specify the source type to use in the domain transition analysis.`
			`.IP "-t TARGET"`
			`Specify the target type to use in the domain transition analysis. Using this option will also`
			`require specifying an analysis algorithm.`

			`.SS Analysis Algorithms`
			`\fBsedta\fR uses graph algorithms to analyze the domain transition paths of an SELinux policy.`
			`The following algorithms are options for determining paths from a source type to a target type.`
			`.IP "-S"`
			`Print the shortest domain transition path(s) from the source type to the target type. If multiple`
			`paths have the same length, all will be displayed.`
			`.IP "-A LIMIT"`
			`Print all domain transition path(s) up to LIMIT steps long. Depending on the connectiveness of`
			`the policy, this may be extremely expensive.`

			`.SS Analysis Options`
			`.IP -r`
			`Perform a reverse domain transition analysis. The domain transitions will be analyzed to find the`
			`the parent domains, instead of finding the child domains.`
			`.IP "-l LIMIT_TRANS"`
			`Specify the maximum number of domain transitions to output. The default is unlimited.`
			`.IP EXCLUDE`
			`A space-separated list of types to exclude from the analysis.`

			`.SS General Options`
			`.IP "--stats"`
			`Print domain transition graph statistics at the end of the analysis.`
			`.IP "-h, --help"`
			`Print help information and exit.`
			`.IP "--version"`
			`Print version information and exit.`
			`.IP "-v, --verbose"`
			`Print additional informational messages.`
			`.IP "--debug"`
			`Enable debugging output.`

			`.SH AUTHOR`
Update old documentation references. Closes #12 2018-11-12 16:36:21 +00:00			`Chris PeBenito <pebenito@ieee.org>`
Add man pages. Closes #95 2016-02-21 21:27:44 +00:00
			`.SH BUGS`
Update old documentation references. Closes #12 2018-11-12 16:36:21 +00:00			`Please report bugs via the SETools bug tracker, https://github.com/SELinuxProject/setools/issues`
Add man pages. Closes #95 2016-02-21 21:27:44 +00:00
			`.SH SEE ALSO`
			`apol(1), sediff(1), seinfo(1), seinfoflow(1), sesearch(1)`