This file contains basic help information for using apol, a graphical policy analysis tool for Security Enhanced (SELinux) policies. The tool provides the ability to:
Apol supports source, and binary policies. Certain apol features may be disabled if the underlying policy does not support the action. For example, rule searches will not report line numbers when searching monolithic binary polices.
Apol provides compatibility with the current and previous policy syntax. It supports analysis of policy versions 15 and up.
Use Open from the File menu to open a valid policy. Only one policy can be open at a time; opening a second policy will result in the first being closed.
The Permission Map menu allows for opening, editing, and saving permission mappings. These are used by apol's information flow analysis.
To begin analyzing a policy, click the new analysis button. A menu of available analysis tools will be presented. Select one, and a new analysis tab will open. Any analysis can be started multiple times, and each will operate independently, so multiple concurrent analyses can be performed. To help manage multiple tabs, the tabs can be renamed by double-click the tab.