OwlCyberDefense / setools

setools has moved to https://github.com/SELinuxProject/setools

TE Enforcement Rule Query not getting reset when you clear things out? #148

Open d3vilbox opened 8 years ago

d3vilbox commented 8 years ago

My basic search process on SETools is to have a tab open for doing searches on domains of interest. I just replace the source type with whatever I'm interested in. However, it seems that the new APOL is retaining some info or not clearing it out when it does searches.

Just now I was looking for all the allow rules for a domain, we'll call it, gui_t, and I noticed it didn't have access to the CDROM files labeled iso9660_t. I thought this was odd so I opened up another TE Rule query tab and put iso9660_t as the target and lo and behold gui_t showed up. So I went back and hit the "Clear" button on object class and perm set and boolean and searched again and the same thing happened. The sorting by target makes it really easy to search so I'm 100% sure I'm not missing it. So then I open up another new TE Rule query tab, copy gui_t from the source field in the original Rule just to make sure I'm not typing it wrong and place it as the source in the new tab and a whole bunch of rules that weren't there before show up.

I've checked my rule types to make sure that they are correct, I've checked the oclass, perm set, boolean to make sure that they're correct. They both return different object classes as well so that doesn't seem to be the issue.

The first search found 41 TE rules, the new tab found 175 TE rules doing the same search.

pebenito commented 8 years ago

I'm having a tough time understanding how to reproduce this. If you run apol with --debug, you should get debug information when you click Apply. It should have all of the settings being used by the query, from the library's perspective; it should look similar to this:

2016-05-25 15:54:09,419|INFO|setools.terulequery|Generating TE rule results from /sys/fs/selinux/policy
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Ruletypes: {'allow', 'allowxperm'}
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Source: <Type(<qpol_policy_t id=139869474319824>,"xserver_t")>, indirect: True, regex: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Target: <Type(<qpol_policy_t id=139869474319824>,"iso9660_t")>, indirect: True, regex: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Class: {<ObjClass(<qpol_policy_t id=139869474319824>,"file")>}, regex: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Perms: {'read'}, regex: False, eq: False, subset: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Xperms: None, eq: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Default: None, regex: False
2016-05-25 15:54:09,420|DEBUG|setools.terulequery|Boolean: None, eq: False, regex: False

If you can reproduce this and identify if any of the fields in the query are not corresponding to the GUI settings, that would be a helpful starting point.
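
One way to do the comparison requested above, as an added example that is not part of the thread or of setools: parse the `setools.terulequery` debug lines from two Apply clicks and report which query criteria differ. The sample log is constructed, and the `None` form for cleared Class and Perms fields is an assumption.

```python
import re

# Line layout in the thread's debug output: timestamp|LEVEL|logger|message
LINE = re.compile(r"^[^|]+\|(?P<level>[A-Z]+)\|(?P<logger>[^|]+)\|(?P<msg>.*)$")
# The qpol handle id changes per policy load and set reprs have no stable order,
# so mask the former and sort the latter before comparing.
HANDLE = re.compile(r"<qpol_policy_t id=\d+>")
SET = re.compile(r"\{([^{}]*)\}")

def _normalize(value):
    value = HANDLE.sub("<policy>", value)
    return SET.sub(lambda m: "{" + ", ".join(sorted(m.group(1).split(", "))) + "}", value)

def parse_queries(text):
    """Return one {criterion: settings} dict per TE rule query in the log."""
    queries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["logger"] != "setools.terulequery":
            continue
        if m["level"] == "INFO" and m["msg"].startswith("Generating TE rule results"):
            queries.append({})  # each Apply click starts a new query
        elif m["level"] == "DEBUG" and queries and ": " in m["msg"]:
            key, value = m["msg"].split(": ", 1)
            queries[-1][key] = _normalize(value)
    return queries

def diff_queries(a, b):
    """Criteria whose settings differ between two queries, as {name: (a, b)}."""
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Constructed sample (not from the thread): the same gui_t search applied in a
# reused tab and then in a fresh tab. "Class: None" / "Perms: None" are assumed.
SAMPLE_LOG = """\
2016-05-25 15:54:09,419|INFO|setools.terulequery|Generating TE rule results from /sys/fs/selinux/policy
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Ruletypes: {'allow', 'allowxperm'}
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Source: <Type(<qpol_policy_t id=111>,"gui_t")>, indirect: True, regex: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Class: {<ObjClass(<qpol_policy_t id=111>,"file")>}, regex: False
2016-05-25 15:54:09,419|DEBUG|setools.terulequery|Perms: {'read'}, regex: False, eq: False, subset: False
2016-05-25 15:55:30,102|INFO|setools.terulequery|Generating TE rule results from /sys/fs/selinux/policy
2016-05-25 15:55:30,102|DEBUG|setools.terulequery|Ruletypes: {'allowxperm', 'allow'}
2016-05-25 15:55:30,102|DEBUG|setools.terulequery|Source: <Type(<qpol_policy_t id=222>,"gui_t")>, indirect: True, regex: False
2016-05-25 15:55:30,102|DEBUG|setools.terulequery|Class: None, regex: False
2016-05-25 15:55:30,102|DEBUG|setools.terulequery|Perms: None, regex: False, eq: False, subset: False"""

if __name__ == "__main__":
    reused_tab, new_tab = parse_queries(SAMPLE_LOG)
    for name, (old, new) in diff_queries(reused_tab, new_tab).items():
        print(f"{name}\n  reused tab: {old}\n  new tab:    {new}")
```

Any criterion the script reports that does not match what the GUI shows for that tab is the field to mention in the bug report.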