From 494e988f804ea60f12dba548d07e6564ec4c389a Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: May 18 2005 20:59:38 +0000
Subject: fix xml



---

diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 8602a8a..cf440f1 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -1,14 +1,14 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-## <interfaces module="storage">
+## <module name="storage" layer="kernel">
 ## <summary>Policy controlling access to storage devices</summary>
 
-#
+########################################
 ## <interface name="storage_get_fixed_disk_attributes">
 ##	<description>
 ##		Allow the caller to get the attributes of fixed disk
 ##		device nodes.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="read" weight="7"/>
@@ -25,13 +25,13 @@ type fixed_disk_device_t;
 class blk_file getattr;
 ')
 
-#
+########################################
 ## <interface name="storage_ignore_get_fixed_disk_attributes">
 ##	<description>
 ##		Do not audit attempts made by the caller to get
 ##		the attributes of fixed disk device nodes.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process to not audit.
 ##	</parameter>
 ##	<infoflow type="none"/>
@@ -47,13 +47,13 @@ type fixed_disk_device_t;
 class blk_file getattr;
 ')
 
-#
+########################################
 ## <interface name="storage_set_fixed_disk_attributes">
 ##	<description>
 ##		Allow the caller to set the attributes of fixed disk
 ##		device nodes.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="write" weight="7"/>
@@ -70,7 +70,7 @@ type fixed_disk_device_t;
 class blk_file setattr;
 ')
 
-#
+########################################
 ## <interface name="storage_raw_read_fixed_disk">
 ##	<description>
 ##		Allow the caller to directly read from a fixed disk.
@@ -78,7 +78,7 @@ class blk_file setattr;
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="read" weight="10"/>
@@ -97,7 +97,7 @@ attribute fixed_disk_raw_read;
 class blk_file { getattr read ioctl };
 ')
 
-#
+########################################
 ## <interface name="storage_write_read_fixed_disk">
 ##	<description>
 ##		Allow the caller to directly write to a fixed disk.
@@ -105,7 +105,7 @@ class blk_file { getattr read ioctl };
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="write" weight="10"/>
@@ -124,8 +124,7 @@ attribute fixed_disk_raw_write;
 class blk_file { getattr write ioctl };
 ')
 
-#
-##
+########################################
 ## <interface name="storage_raw_read_lvm_volume">
 ##	<description>
 ##		Allow the caller to directly read from a logical volume.
@@ -133,7 +132,7 @@ class blk_file { getattr write ioctl };
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="read" weight="10"/>
@@ -152,7 +151,7 @@ attribute fixed_disk_raw_read;
 class blk_file { getattr read ioctl };
 ')
 
-#
+########################################
 ## <interface name="storage_raw_write_lvm_volume">
 ##	<description>
 ##		Allow the caller to directly read from a logical volume.
@@ -160,7 +159,7 @@ class blk_file { getattr read ioctl };
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="write" weight="10"/>
@@ -179,7 +178,7 @@ attribute fixed_disk_raw_write;
 class blk_file { getattr write ioctl };
 ')
 
-#
+########################################
 ## <interface name="storage_read_scsi_generic">
 ##	<description>
 ##		Allow the caller to directly read, in a
@@ -188,7 +187,7 @@ class blk_file { getattr write ioctl };
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="read" weight="10"/>
@@ -207,7 +206,7 @@ attribute scsi_generic_read;
 class blk_file { getattr read ioctl };
 ')
 
-#
+########################################
 ## <interface name="storage_write_scsi_generic">
 ##	<description>
 ##		Allow the caller to directly write, in a
@@ -216,7 +215,7 @@ class blk_file { getattr read ioctl };
 ##		SELinux protections for filesystem objects, and
 ##		should only be used by trusted domains.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="write" weight="10"/>
@@ -265,13 +264,13 @@ type scsi_generic_device_t;
 class blk_file setattr;
 ')
 
-#
+########################################
 ## <interface name="storage_get_removable_device_attributes">
 ##	<description>
 ##		Allow the caller to get the attributes of removable
 ##		devices device nodes.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process performing this action.
 ##	</parameter>
 ##	<infoflow type="read" weight="7"/>
@@ -288,13 +287,13 @@ type removable_device_t;
 class blk_file getattr;
 ')
 
-#
+########################################
 ## <interface name="storage_ignore_get_removable_device_attributes">
 ##	<description>
 ##		Do not audit attempts made by the caller to get
 ##		the attributes of removable devices device nodes.
 ##	</description>
-##	<parameter position="1" name="domain">
+##	<parameter name="domain">
 ##		The type of the process to not audit.
 ##	</parameter>
 ##	<infoflow type="none"/>
@@ -415,4 +414,4 @@ type tape_device_t;
 class blk_file setattr;
 ')
 
-## </interfaces>
+## </module>