Other policy analysis
Two additional tools (sediff and sepolicy) exist that provide some insight into the current SELinux policy. The next two subsections cover these in more detail.
Comparing policies with sediff
The sediff tool, part of the setools package, compares two policy files and reports the differences to the user. It does not provide patch-like capabilities (which the regular diff does), but it is powerful for finding and analyzing small differences.
A common use case for the sediff tool is to validate that a source-built policy file is the same as the distribution-provided binary policy file. Administrators can then be certain that the source code they used to build a policy file is the same as that used by the distribution to generate the provided policy.
Its basic usage is simply to provide the two binary files:
$ sediff distro-policy.30 selfbuilt-policy.30
Policy Properties (0 Modified)
Booleans (0 Added, 0 Removed, 1 Modified)
Modified Booleans: 1
*...
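The validation use case above can be scripted: run sediff on the two binary policies and treat any non-zero Added/Removed/Modified count as a mismatch. The following wrapper is an added example, not from the book or the setools project; it assumes sediff prints summary lines in the "(N Added, N Removed, N Modified)" form shown above, and the policy file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the book): turn sediff's summary into a
# pass/fail answer for "is my self-built policy identical to the
# distribution one?". Assumes sediff is installed and prints summary
# lines such as "Booleans (0 Added, 0 Removed, 1 Modified)".

# count_differences reads sediff output on stdin and prints the total
# number of Added/Removed/Modified items over all summary lines.
# Detail lines ("Modified Booleans: 1", "*...") carry the number before
# the label or no label at all, so they are not counted twice.
count_differences() {
    grep -oE '[0-9]+ (Added|Removed|Modified)' \
        | awk '{ total += $1 } END { print total + 0 }'
}

# compare_policies runs sediff on two binary policy files.
# Returns 0 when no differences are reported, 1 when the policies
# differ (and echoes the sediff report), 2 when sediff itself failed.
compare_policies() {
    report=$(sediff "$1" "$2") || return 2
    n=$(printf '%s\n' "$report" | count_differences)
    if [ "$n" -eq 0 ]; then
        echo "identical: $1 and $2"
        return 0
    fi
    echo "differ: $n added/removed/modified items between $1 and $2"
    printf '%s\n' "$report"
    return 1
}

# Usage: ./check-policy.sh distro-policy.30 selfbuilt-policy.30
# (file names are placeholders; run only when two arguments are given
# so the functions above can also be sourced without side effects)
if [ "$#" -eq 2 ]; then
    compare_policies "$1" "$2"
fi
```

Exit status 1 is deliberate so the script can gate a build pipeline: a source-built policy that does not reproduce the distribution's binary should fail loudly rather than be silently installed.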