Section 4.5. Exploring Object Classes with Apol


Apol offers a variety of features for browsing and querying object classes and permissions. Under the Policy Components tab is the Classes/Perms tab, which allows browsing and searching all object classes, common permissions, and unique permissions. Figure 4-1 shows apol with this tab displayed. On the left are all the object classes, common permissions, and permissions. On the right is an interface that enables you to search for object classes or permissions.

Figure 4-1. Apol displaying object classes, common permissions, and permissions


Double-clicking a policy component in the lists on the left displays detailed information about the component. For example, double-clicking an object class displays its access vector; double-clicking a permission displays all the object classes with which it is associated.

The search interface enables you to search for object classes or permissions using regular expressions. For example, in Figure 4-1, we performed a search for all object classes that contain "file" as part of their name. We did not set options to include the class-specific permissions or to expand common permissions in the result. As you can see in the Search Results window, apol is showing the object class file including the class-specific permissions and the expanded common permissions. This is a convenient method to obtain a full list of the permissions associated with an object class.
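The search just described (a regular expression matched against class names, with class-specific permissions included and common permissions expanded), plus the permission-to-classes lookup from the previous paragraph, as an added Python example that is not from the book or from apol. The policy fragment is constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed sample in access-vector declaration syntax; permission lists are
# abbreviated for illustration and are not a complete policy.
SAMPLE = """
common file { ioctl read write getattr }
common socket { ioctl read write bind }
class file inherits file { execute_no_trans entrypoint }
class lnk_file inherits file
class tcp_socket inherits socket { connectto }
class process { fork transition }
"""

DECL = re.compile(r"\b(common|class)\s+(\w+)"      # kind and name
                  r"(?:\s+inherits\s+(\w+))?"      # optional inherited common
                  r"(?:\s*\{([^}]*)\})?")          # optional permission block

def parse_access_vectors(text):
    """Return (commons, classes) parsed from common/class declarations."""
    commons, classes = {}, {}
    for kind, name, parent, perms in DECL.findall(re.sub(r"#.*", "", text)):
        if kind == "common":
            commons[name] = perms.split()
        else:
            classes[name] = (parent or None, perms.split())
    return commons, classes

def search_classes(commons, classes, pattern, expand_common=True):
    """Map each class whose name matches the regex to its sorted permissions."""
    result = {}
    for name, (parent, own) in classes.items():
        if not re.search(pattern, name):
            continue
        if parent is not None and parent not in commons:
            raise ValueError(f"class {name} inherits undeclared common {parent}")
        inherited = commons[parent] if parent and expand_common else []
        result[name] = sorted(set(own) | set(inherited))
    return result

def classes_with_permission(commons, classes, perm):
    """Reverse lookup: every class whose full access vector contains perm."""
    full = search_classes(commons, classes, r"", expand_common=True)
    return sorted(name for name, perms in full.items() if perm in perms)

if __name__ == "__main__":
    commons, classes = parse_access_vectors(SAMPLE)
    for name, perms in search_classes(commons, classes, r"file").items():
        print(name, "{", " ".join(perms), "}")
    print("ioctl:", classes_with_permission(commons, classes, "ioctl"))
```

Calling `search_classes` with `expand_common=False` returns only the class-specific permissions, which shows how much of a class's access vector comes from its inherited common.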

Most other features in apol also interact with object classes, including the rule searching and automated analysis features, which allow filtering of results based on object classes and permissions. For example, Figure 4-2 shows a search for rules referring to the object class file.

Figure 4-2. Apol displaying a search for rules with the object class file





SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154
