|
|
|
|
|
|
by blockoperation
3390 days ago
|
|
|
sesearch is one way of doing it, for example: $ sesearch -A -s some_app_t -c file -p read -p write
allow some_app_t some_type_t:file { read write };
allow some_app_t some_other_type_t:file { read write };
allow some_attribute_of_some_app_t yet_another_type_t:file { read write };
Or, say you want to do the opposite – you know the label, and want to find all domains that can read and write it: $ sesearch -A -t some_type_t -c file -p read -p write
allow some_app_t some_type_t:file { read write };
allow some_other_app_t some_type_t:file { read write };
You can use regexes for the parameters if you don't know the exact types (just specify '-r[stcdb]'). |
|
|