To query the components of a SELinux policy.
The combination of the seinfo and sesearch commands is very powerful. It enables one to determine the properties and characteristics of a security policy configuration.
See "man seinfo", and "man sesearch" to learn the specifics.
I use the seinfo command usually to see which types have assigned a specified type attribute, or to see which attributes a specified type has assigned, but it has all kinds of nifty functionality. You can list available security classes, type identifiers, role identifiers, identity identifiers, sensitivities, and categories and lots more.
The sesearch command lets you actually query the security policy configuration rules.
With those two tools one can basically answer almost every question with regards to the behavior of a security policy configuration, provided that you know the SELinux policy language.