sesearch allows the user to query a SELinux policy for type enforcement rules.

-s NAME, --source NAME

find rules with NAME type/attrib (regex) as source

-t NAME, --target NAME

find rules with NAME type/attrib (regex) as target

--role_source NAME

find rules with NAME role (regex) as source

--role_target NAME

find rules with NAME role (regex) as target

-c NAME, --class NAME

find rules with NAME as the object class

-p P1[,P2,...] --perms P1[,P2...]

find rules with the specified permissions

-b NAME, --boolean NAME

find conditional rules with NAME in the expression

--allow

search for allow rules only

--neverallow

search for neverallow rules only

--audit

search for auditallow and dontaudit rules only

--type

search for type_trans and type_change rules only

--rangetrans

search for range transition rules

--role_allow

search for role allow rules

--role_trans

search for role transition rules

-a, --all

show all rules regardless of type, class, or perms

-i, --indirect

also search for the type's attributes

-n, --noregex

do not use regular expression to match type/attributes

-l, --lineno

include line # in policy.conf for each rule. This option is ignored if using a binary policy.

-C, --show_cond

show conditional expression for conditional rules

-h, --help

display this help and exit

-v, --version

output version information and exit

The default source policy, or if that is unavailable the default binary policy, will be opened if no policy file name is provided.