On 11/08/2013 07:33 AM, Joshua Brindle wrote: > On Fri, Nov 8, 2013 at 12:54 AM, Jaejyn Shin <[email protected]> wrote: > >> I want to know which domain was translated from which domain. >> (domain??? -> domain_1) >> >> And also want to know that which domain can not be translated to another >> domain because that has no translation rule. >> (domain_1 call process_1. but domain_2 can not translated to >> process_1_domain because there is no explicit transition rule) >> >> Is there some tools which can analyze domain translation ? >> >> For example, like TOMOYO Linux tool: >> http://tomoyo.sourceforge.jp/1.8/media/editpolicy-httpd-profile0.png >> >> > You want apol: > > http://oss.tresys.com/projects/setools/wiki/WikiStart#apol > > domain transition under the analysis tab
Or you can just use iterative sesearch queries, e.g. sesearch -A -s domain_1 -c process -p transition <displays list of domains directly reachable from domain_t> sesearch -A -s domain_2 -c process -p transition ... transition permission for exec-based transitions. dyntransition permission for setcon-based transitions (should only be zygote and runas, plus unconfined domains). -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
