Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual page 99

Chapter 6. Tools for Manipulating and Analyzing SELinux
Note
There are declared types that do not have any rules written for them or file contexts set for them.
For example,
swapfile_t
menu within the Types tab. However, the file type is not assigned to any file nor are there rules about
it.
If you are wondering if a particular type is used in the policy, you can search for it under the Policy
Rules tab. If no rules are found, then it is an unused type.
Tip
One feature of the Booleans tab is that you can set Boolean values within the policy loaded into apol.
This does not affect the Boolean value on the disk or in memory. This lets you test the effect on the
policy of changing different Booleans, entirely within apol. You can then do TE rule and information
flow analysis with the new Boolean settings.
6.3.2. TE Rule Analysis
Rule analysis looks into the relationship between a pair of types, trying to find the ways they interact.
The interaction could be direct or indirect due to the use of attributes, and enabled or disabled by a
Boolean setting.
Under the Policy Rules tab are search options and regular expression fields for defining the source
and target type or attribute. The Rule Selection menu lets you choose the kind of rule, such as
, and
neverallow auditallow
since it is disabled:
is declared in
$SELINUX_SRC/types/file.te
. In Figure 6-7, the menu for Default Type is squeezed in the image
, so it appears in the Types
allow
85
,