
Build time tools are used during building a policy from source into modules or a monolithic kernel policy. They would not be used on secure end-systems. They are required on systems that intend to build policies from source, including production systems that use tools such as audit2allow to add new policy rules at runtime.

- Tool included with the reference policy that sorts filecontext files during policy build time
- Create a policy module from a module source file
- Create a kernel policy from a policy source file

Analysis tools are primarily used to analyze the on-disk policy for certain criteria, for example information flow. They are required on development systems being used to analyze a target policy, and are rarely installed on the target production systems. These tools form the basis on which we can make claims concerning the security properties of an SELinux system.

- Query a policy file for various parts of the policy such as te rules, symbols, etc.
- Perform a semantic difference between two policies
- Perform many analyses on the target policy including domain transition, information flow, standard queries, filesystem analysis and so on
