Chapter 6. Tools for Manipulating and Analyzing SELinux
Note
There are declared types that do not have any rules written for them or file contexts set for them.
For example, swapfile_t is declared in $SELINUX_SRC/types/file.te, so it appears in the Types
menu within the Types tab. However, the file type is not assigned to any file nor are there rules about
it.
To find out whether a particular type is used in the policy, search for it under the Policy
Rules tab. If no rules are found, then it is an unused type.
Tip
One feature of the Booleans tab is that you can set Boolean values within the policy loaded into apol.
This does not affect the Boolean value on the disk or in memory. This lets you test the effect on the
policy of changing different Booleans, entirely within apol. You can then do TE rule and information
flow analysis with the new Boolean settings.
6.3.2. TE Rule Analysis
Rule analysis looks into the relationship between a pair of types, trying to find the ways they interact.
The interaction could be direct or indirect due to the use of attributes, and enabled or disabled by a
Boolean setting.
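The searches described in the Note, the Tip and this section, as an added sketch that is not part of the original guide or of apol: it parses a small constructed policy fragment and shows direct versus attribute-based matching, Boolean-gated rules, and unused-type detection. The httpdcontent attribute, the httpd_enable_homedirs Boolean, the sample rules and the function names are assumptions made for illustration.

```python
import re

# Constructed sample policy source; not taken from the page or a shipped policy.
POLICY = """
type httpd_t, domain;
type httpd_sys_content_t, httpdcontent;
type user_home_t;
type swapfile_t;
bool httpd_enable_homedirs false;
allow httpd_t httpdcontent:file { read getattr };
if (httpd_enable_homedirs) {
allow httpd_t user_home_t:file read;
}
"""

def parse(text):
    """Return (types -> attribute set, Boolean defaults, rule list)."""
    types, bools, rules, cond = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"type (\w+)((?:\s*,\s*\w+)*);", line):
            types[m[1]] = set(re.findall(r"\w+", m[2]))
        elif m := re.match(r"bool (\w+) (true|false);", line):
            bools[m[1]] = m[2] == "true"
        elif m := re.match(r"if \((\w+)\) \{", line):
            cond = m[1]  # rules that follow depend on this Boolean
        elif line == "}":
            cond = None
        elif m := re.match(r"(allow|neverallow|auditallow) (\w+) (\w+):(\w+) (.+);", line):
            rules.append({"kind": m[1], "src": m[2], "tgt": m[3], "cond": cond, "text": line})
    return types, bools, rules

def search(policy, bools, src=None, tgt=None, indirect=True, only_enabled=True):
    """Find rules naming src/tgt directly or, if indirect, via their attributes."""
    types, _, rules = policy
    def names(t):
        return {t} | (types.get(t, set()) if indirect else set())
    return [r["text"] for r in rules
            if (src is None or r["src"] in names(src))
            and (tgt is None or r["tgt"] in names(tgt))
            and not (only_enabled and r["cond"] and not bools[r["cond"]])]

def unused_types(policy):
    """Declared types that no rule reaches, even via an attribute or a disabled Boolean."""
    return sorted(t for t in policy[0]
                  if not search(policy, {}, src=t, only_enabled=False)
                  and not search(policy, {}, tgt=t, only_enabled=False))
```

Passing a modified copy of the Boolean dictionary to `search` mirrors changing a Boolean inside apol: the parsed policy and its defaults are left untouched.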
Under the Policy Rules tab are search options and regular expression fields for defining the source
and target type or attribute. The Rule Selection menu lets you choose the kind of rule, such as
allow, neverallow, and auditallow. In Figure 6-7, the menu for Default Type is squeezed in the image
since it is disabled: