From 888d9e4652391f10cb6b764a25ecef86f4ae7af2 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mar 02 2010 16:28:44 +0000
Subject: Improve the documentation of ubac_constrained().


---

diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
index 7477750..464f759 100644
--- a/policy/modules/kernel/ubac.if
+++ b/policy/modules/kernel/ubac.if
@@ -5,13 +5,26 @@
 
 ########################################
 ## <summary>
-##	Constrain by user-based access control.
+##	Constrain by user-based access control (UBAC).
 ## </summary>
+## <desc>
+##	<p>
+##	Constrain the specified type by user-based
+##	access control (UBAC).  Typically, these are
+##	user processes or user files that need to be
+##	differentiated by SELinux user.  Normally this
+##	does not include administrative or privileged
+##	programs. For the UBAC rules to be enforced,
+##	both the subject (source) type and the object
+##	(target) types must be UBAC constrained.
+##	</p>
+## </desc>
 ## <param name="type">
 ##	<summary>
 ##	Type to be constrained by UBAC.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`ubac_constrained',`
 	gen_require(`