diff --git a/Changelog b/Changelog
index 122a632..9408404 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Large whitespace fix from Dominick Grift.
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
- Issuing commands to upstart is over a datagram socket, not the initctl
named pipe. Updated init_telinit() to match.
diff --git a/policy/modules/admin/acct.if b/policy/modules/admin/acct.if
index 77b6200..9409a02 100644
--- a/policy/modules/admin/acct.if
+++ b/policy/modules/admin/acct.if
@@ -16,7 +16,7 @@ interface(`acct_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,acct_exec_t,acct_t)
+ domtrans_pattern($1, acct_exec_t, acct_t)
')
########################################
@@ -35,7 +35,7 @@ interface(`acct_exec',`
')
corecmd_search_bin($1)
- can_exec($1,acct_exec_t)
+ can_exec($1, acct_exec_t)
')
########################################
@@ -56,7 +56,7 @@ interface(`acct_exec_data',`
')
files_search_var($1)
- can_exec($1,acct_data_t)
+ can_exec($1, acct_data_t)
')
########################################
@@ -75,6 +75,6 @@ interface(`acct_manage_data',`
')
files_search_var($1)
- manage_files_pattern($1,acct_data_t,acct_data_t)
- manage_lnk_files_pattern($1,acct_data_t,acct_data_t)
+ manage_files_pattern($1, acct_data_t, acct_data_t)
+ manage_lnk_files_pattern($1, acct_data_t, acct_data_t)
')
diff --git a/policy/modules/admin/acct.te b/policy/modules/admin/acct.te
index ad2c49e..6d084c9 100644
--- a/policy/modules/admin/acct.te
+++ b/policy/modules/admin/acct.te
@@ -8,7 +8,7 @@ policy_module(acct, 1.2.0)
type acct_t;
type acct_exec_t;
-init_system_domain(acct_t,acct_exec_t)
+init_system_domain(acct_t, acct_exec_t)
type acct_data_t;
logging_log_file(acct_data_t)
@@ -26,10 +26,10 @@ dontaudit acct_t self:capability { kill sys_tty_config };
allow acct_t self:fifo_file { read write getattr };
allow acct_t self:process signal_perms;
-manage_files_pattern(acct_t,acct_data_t,acct_data_t)
-manage_lnk_files_pattern(acct_t,acct_data_t,acct_data_t)
+manage_files_pattern(acct_t, acct_data_t, acct_data_t)
+manage_lnk_files_pattern(acct_t, acct_data_t, acct_data_t)
-can_exec(acct_t,acct_exec_t)
+can_exec(acct_t, acct_exec_t)
kernel_list_proc(acct_t)
kernel_read_system_state(acct_t)
@@ -77,7 +77,7 @@ optional_policy(`
auth_manage_login_records(acct_t)
')
- cron_system_entry(acct_t,acct_exec_t)
+ cron_system_entry(acct_t, acct_exec_t)
')
optional_policy(`
diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
index ffbe9bc..9533b67 100644
--- a/policy/modules/admin/alsa.if
+++ b/policy/modules/admin/alsa.if
@@ -12,8 +12,7 @@
#
interface(`alsa_domtrans',`
gen_require(`
- type alsa_t;
- type alsa_exec_t;
+ type alsa_t, alsa_exec_t;
')
domtrans_pattern($1, alsa_exec_t, alsa_t)
@@ -71,8 +70,8 @@ interface(`alsa_read_rw_config',`
')
allow $1 alsa_etc_rw_t:dir list_dir_perms;
- read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
- read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
+ read_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
+ read_lnk_files_pattern($1, alsa_etc_rw_t, alsa_etc_rw_t)
')
########################################
diff --git a/policy/modules/admin/amanda.if b/policy/modules/admin/amanda.if
index 649099f..e877b02 100644
--- a/policy/modules/admin/amanda.if
+++ b/policy/modules/admin/amanda.if
@@ -15,7 +15,7 @@ interface(`amanda_domtrans_recover',`
type amanda_recover_t, amanda_recover_exec_t;
')
- domtrans_pattern($1,amanda_recover_exec_t,amanda_recover_t)
+ domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
')
########################################
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index b6c802e..fc0672b 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -8,11 +8,11 @@ policy_module(amanda, 1.9.0)
type amanda_t;
type amanda_inetd_exec_t;
-inetd_service_domain(amanda_t,amanda_inetd_exec_t)
+inetd_service_domain(amanda_t, amanda_inetd_exec_t)
role system_r types amanda_t;
type amanda_exec_t;
-domain_entry_file(amanda_t,amanda_exec_t)
+domain_entry_file(amanda_t, amanda_exec_t)
type amanda_log_t;
logging_log_file(amanda_log_t)
@@ -51,7 +51,7 @@ files_type(amanda_data_t)
# type for amrecover
type amanda_recover_t;
type amanda_recover_exec_t;
-application_domain(amanda_recover_t,amanda_recover_exec_t)
+application_domain(amanda_recover_t, amanda_recover_exec_t)
role system_r types amanda_recover_t;
# type for recover files ( restored data )
@@ -88,8 +88,8 @@ allow amanda_t amanda_data_t:file manage_file_perms;
# access to amanda_dumpdates_t
allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
-can_exec(amanda_t,amanda_exec_t)
-can_exec(amanda_t,amanda_inetd_exec_t)
+can_exec(amanda_t, amanda_exec_t)
+can_exec(amanda_t, amanda_inetd_exec_t)
# access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
@@ -99,12 +99,12 @@ allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
-manage_files_pattern(amanda_t,amanda_log_t,amanda_log_t)
-manage_dirs_pattern(amanda_t,amanda_log_t,amanda_log_t)
-logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
+manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)
+manage_dirs_pattern(amanda_t, amanda_log_t, amanda_log_t)
+logging_log_filetrans(amanda_t, amanda_log_t, { file dir })
-manage_files_pattern(amanda_t,amanda_tmp_t,amanda_tmp_t)
-manage_dirs_pattern(amanda_t,amanda_tmp_t,amanda_tmp_t)
+manage_files_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
+manage_dirs_pattern(amanda_t, amanda_tmp_t, amanda_tmp_t)
files_tmp_filetrans(amanda_t, amanda_tmp_t, { file dir })
kernel_read_system_state(amanda_t)
@@ -172,23 +172,23 @@ allow amanda_recover_t self:unix_stream_socket { connect create read write };
allow amanda_recover_t self:tcp_socket create_stream_socket_perms;
allow amanda_recover_t self:udp_socket create_socket_perms;
-manage_files_pattern(amanda_recover_t,amanda_log_t,amanda_log_t)
-manage_lnk_files_pattern(amanda_recover_t,amanda_log_t,amanda_log_t)
+manage_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
+manage_lnk_files_pattern(amanda_recover_t, amanda_log_t, amanda_log_t)
# access to amanda_recover_dir_t
-manage_dirs_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-manage_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-manage_lnk_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-manage_fifo_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-manage_sock_files_pattern(amanda_recover_t,amanda_recover_dir_t,amanda_recover_dir_t)
-sysadm_home_dir_filetrans(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
-
-manage_dirs_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
-manage_files_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
-manage_lnk_files_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
-manage_fifo_files_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
-manage_sock_files_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t)
-files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
+manage_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
+manage_lnk_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
+manage_fifo_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
+manage_sock_files_pattern(amanda_recover_t, amanda_recover_dir_t, amanda_recover_dir_t)
+sysadm_home_dir_filetrans(amanda_recover_t, amanda_recover_dir_t, { dir file lnk_file sock_file fifo_file })
+
+manage_dirs_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
+manage_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
+manage_lnk_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
+manage_fifo_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
+manage_sock_files_pattern(amanda_recover_t, amanda_tmp_t, amanda_tmp_t)
+files_tmp_filetrans(amanda_recover_t, amanda_tmp_t, { dir file lnk_file sock_file fifo_file })
kernel_read_system_state(amanda_recover_t)
kernel_read_kernel_sysctls(amanda_recover_t)
diff --git a/policy/modules/admin/amtu.if b/policy/modules/admin/amtu.if
index 02559be..01432cc 100644
--- a/policy/modules/admin/amtu.if
+++ b/policy/modules/admin/amtu.if
@@ -16,7 +16,7 @@ interface(`amtu_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,amtu_exec_t,amtu_t)
+ domtrans_pattern($1, amtu_exec_t, amtu_t)
')
########################################
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index e707e23..626acf4 100644
--- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te
@@ -19,7 +19,7 @@ role system_r types anaconda_t;
allow anaconda_t self:process execmem;
-kernel_domtrans_to(anaconda_t,anaconda_exec_t)
+kernel_domtrans_to(anaconda_t, anaconda_exec_t)
# Run other rc scripts in the anaconda_t domain.
init_domtrans_script(anaconda_t)
@@ -34,7 +34,7 @@ seutil_domtrans_semanage(anaconda_t)
unconfined_domain(anaconda_t)
-unprivuser_home_dir_filetrans_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
+unprivuser_home_dir_filetrans_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
optional_policy(`
dmesg_domtrans(anaconda_t)
diff --git a/policy/modules/admin/apt.if b/policy/modules/admin/apt.if
index 06ae950..99004b5 100644
--- a/policy/modules/admin/apt.if
+++ b/policy/modules/admin/apt.if
@@ -17,7 +17,7 @@ interface(`apt_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,apt_exec_t,apt_t)
+ domtrans_pattern($1, apt_exec_t, apt_t)
')
########################################
@@ -144,8 +144,8 @@ interface(`apt_read_db',`
files_search_var_lib($1)
allow $1 apt_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
- read_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ read_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+ read_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
')
########################################
@@ -164,10 +164,10 @@ interface(`apt_manage_db',`
')
files_search_var_lib($1)
- manage_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ manage_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
# cjp: shouldnt this be manage_lnk_files?
- rw_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
- delete_lnk_files_pattern($1,apt_var_lib_t,apt_var_lib_t)
+ rw_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
+ delete_lnk_files_pattern($1, apt_var_lib_t, apt_var_lib_t)
')
########################################
diff --git a/policy/modules/admin/apt.te b/policy/modules/admin/apt.te
index d57451b..09c463b 100644
--- a/policy/modules/admin/apt.te
+++ b/policy/modules/admin/apt.te
@@ -1,5 +1,5 @@
-policy_module(apt,1.4.0)
+policy_module(apt, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(apt,1.4.0)
type apt_t;
type apt_exec_t;
-init_system_domain(apt_t,apt_exec_t)
+init_system_domain(apt_t, apt_exec_t)
domain_system_change_exemption(apt_t)
role system_r types apt_t;
@@ -54,23 +54,23 @@ allow apt_t self:msgq create_msgq_perms;
allow apt_t self:msg { send receive };
# Access /var/cache/apt files
-manage_files_pattern(apt_t,apt_var_cache_t,apt_var_cache_t)
-files_var_filetrans(apt_t,apt_var_cache_t,dir)
+manage_files_pattern(apt_t, apt_var_cache_t, apt_var_cache_t)
+files_var_filetrans(apt_t, apt_var_cache_t, dir)
-manage_dirs_pattern(apt_t,apt_tmp_t,apt_tmp_t)
-manage_files_pattern(apt_t,apt_tmp_t,apt_tmp_t)
+manage_dirs_pattern(apt_t, apt_tmp_t, apt_tmp_t)
+manage_files_pattern(apt_t, apt_tmp_t, apt_tmp_t)
files_tmp_filetrans(apt_t, apt_tmp_t, { file dir })
-manage_dirs_pattern(apt_t,apt_tmpfs_t,apt_tmpfs_t)
-manage_files_pattern(apt_t,apt_tmpfs_t,apt_tmpfs_t)
-manage_lnk_files_pattern(apt_t,apt_tmpfs_t,apt_tmpfs_t)
-manage_fifo_files_pattern(apt_t,apt_tmpfs_t,apt_tmpfs_t)
-manage_sock_files_pattern(apt_t,apt_tmpfs_t,apt_tmpfs_t)
-fs_tmpfs_filetrans(apt_t,apt_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
+manage_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
+manage_lnk_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
+manage_fifo_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
+manage_sock_files_pattern(apt_t, apt_tmpfs_t, apt_tmpfs_t)
+fs_tmpfs_filetrans(apt_t, apt_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Access /var/lib/apt files
-manage_files_pattern(apt_t,apt_var_lib_t,apt_var_lib_t)
-files_var_lib_filetrans(apt_t,apt_var_lib_t,dir)
+manage_files_pattern(apt_t, apt_var_lib_t, apt_var_lib_t)
+files_var_lib_filetrans(apt_t, apt_var_lib_t, dir)
kernel_read_system_state(apt_t)
kernel_read_kernel_sysctls(apt_t)
diff --git a/policy/modules/admin/backup.if b/policy/modules/admin/backup.if
index 87d1349..8720ae7 100644
--- a/policy/modules/admin/backup.if
+++ b/policy/modules/admin/backup.if
@@ -15,7 +15,7 @@ interface(`backup_domtrans',`
type backup_t, backup_exec_t;
')
- domtrans_pattern($1,backup_exec_t,backup_t)
+ domtrans_pattern($1, backup_exec_t, backup_t)
')
########################################
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index a67d03e..73abd58 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -1,5 +1,5 @@
-policy_module(backup,1.3.0)
+policy_module(backup, 1.3.0)
########################################
#
@@ -9,7 +9,7 @@ policy_module(backup,1.3.0)
type backup_t;
type backup_exec_t;
domain_type(backup_t)
-domain_entry_file(backup_t,backup_exec_t)
+domain_entry_file(backup_t, backup_exec_t)
role system_r types backup_t;
type backup_store_t;
@@ -27,9 +27,9 @@ allow backup_t self:tcp_socket create_socket_perms;
allow backup_t self:udp_socket create_socket_perms;
allow backup_t backup_store_t:file setattr;
-manage_files_pattern(backup_t,backup_store_t,backup_store_t)
-rw_files_pattern(backup_t,backup_store_t,backup_store_t)
-read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
+manage_files_pattern(backup_t, backup_store_t, backup_store_t)
+rw_files_pattern(backup_t, backup_store_t, backup_store_t)
+read_lnk_files_pattern(backup_t, backup_store_t, backup_store_t)
kernel_read_system_state(backup_t)
kernel_read_kernel_sysctls(backup_t)
@@ -75,7 +75,7 @@ logging_send_syslog_msg(backup_t)
sysnet_read_config(backup_t)
optional_policy(`
- cron_system_entry(backup_t,backup_exec_t)
+ cron_system_entry(backup_t, backup_exec_t)
')
optional_policy(`
diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
index 57800cc..1b14ab6 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -126,5 +126,5 @@ interface(`bootloader_create_runtime_file',`
')
allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
- files_boot_filetrans($1,boot_runtime_t,file)
+ files_boot_filetrans($1, boot_runtime_t, file)
')
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 63dd1ed..27b1658 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -16,7 +16,7 @@ files_type(boot_runtime_t)
type bootloader_t;
type bootloader_exec_t;
-application_domain(bootloader_t,bootloader_exec_t)
+application_domain(bootloader_t, bootloader_exec_t)
role system_r types bootloader_t;
#
@@ -55,14 +55,14 @@ allow bootloader_t bootloader_etc_t:file read_file_perms;
#allow bootloader_t bootloader_etc_t:file manage_file_perms;
#files_etc_filetrans(bootloader_t,bootloader_etc_t,file)
-manage_dirs_pattern(bootloader_t,bootloader_tmp_t,bootloader_tmp_t)
-manage_files_pattern(bootloader_t,bootloader_tmp_t,bootloader_tmp_t)
-manage_lnk_files_pattern(bootloader_t,bootloader_tmp_t,bootloader_tmp_t)
-manage_blk_files_pattern(bootloader_t,bootloader_tmp_t,bootloader_tmp_t)
-manage_chr_files_pattern(bootloader_t,bootloader_tmp_t,bootloader_tmp_t)
-files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
+manage_dirs_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
+manage_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
+manage_lnk_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
+manage_blk_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
+manage_chr_files_pattern(bootloader_t, bootloader_tmp_t, bootloader_tmp_t)
+files_tmp_filetrans(bootloader_t, bootloader_tmp_t, { dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
-files_root_filetrans(bootloader_t,bootloader_tmp_t,file)
+files_root_filetrans(bootloader_t, bootloader_tmp_t, file)
kernel_getattr_core_if(bootloader_t)
kernel_read_network_state(bootloader_t)
@@ -114,7 +114,7 @@ files_read_kernel_modules(bootloader_t)
files_dontaudit_search_pids(bootloader_t)
# for blkid.tab
files_manage_etc_runtime_files(bootloader_t)
-files_etc_filetrans_etc_runtime(bootloader_t,file)
+files_etc_filetrans_etc_runtime(bootloader_t, file)
files_dontaudit_search_home(bootloader_t)
init_getattr_initctl(bootloader_t)
diff --git a/policy/modules/admin/brctl.if b/policy/modules/admin/brctl.if
index 71b431d..5b43db5 100644
--- a/policy/modules/admin/brctl.if
+++ b/policy/modules/admin/brctl.if
@@ -15,5 +15,5 @@ interface(`brctl_domtrans',`
type brctl_t, brctl_exec_t;
')
- domtrans_pattern($1,brctl_exec_t,brctl_t)
+ domtrans_pattern($1, brctl_exec_t, brctl_t)
')
diff --git a/policy/modules/admin/brctl.te b/policy/modules/admin/brctl.te
index 222eebb..fe785f0 100644
--- a/policy/modules/admin/brctl.te
+++ b/policy/modules/admin/brctl.te
@@ -1,4 +1,4 @@
-policy_module(brctl,1.2.0)
+policy_module(brctl, 1.2.0)
########################################
#
diff --git a/policy/modules/admin/certwatch.if b/policy/modules/admin/certwatch.if
index f303bba..6dc459a 100644
--- a/policy/modules/admin/certwatch.if
+++ b/policy/modules/admin/certwatch.if
@@ -17,7 +17,7 @@ interface(`certwatch_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,certwatch_exec_t,certwatch_t)
+ domtrans_pattern($1, certwatch_exec_t, certwatch_t)
')
########################################
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
index 24ffe6c..0becba1 100644
--- a/policy/modules/admin/certwatch.te
+++ b/policy/modules/admin/certwatch.te
@@ -1,5 +1,5 @@
-policy_module(certwatch,1.0)
+policy_module(certwatch, 1.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(certwatch,1.0)
type certwatch_t;
type certwatch_exec_t;
-application_domain(certwatch_t,certwatch_exec_t)
+application_domain(certwatch_t, certwatch_exec_t)
role system_r types certwatch_t;
########################################
@@ -29,5 +29,5 @@ miscfiles_read_localization(certwatch_t)
apache_exec_modules(certwatch_t)
optional_policy(`
- cron_system_entry(certwatch_t,certwatch_exec_t)
+ cron_system_entry(certwatch_t, certwatch_exec_t)
')
diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if
index 8a71957..bb06d8c 100644
--- a/policy/modules/admin/consoletype.if
+++ b/policy/modules/admin/consoletype.if
@@ -18,7 +18,7 @@ interface(`consoletype_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,consoletype_exec_t,consoletype_t)
+ domtrans_pattern($1, consoletype_exec_t, consoletype_t)
')
########################################
@@ -69,5 +69,5 @@ interface(`consoletype_exec',`
')
corecmd_search_bin($1)
- can_exec($1,consoletype_exec_t)
+ can_exec($1, consoletype_exec_t)
')
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index acbff48..0a77e45 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -1,5 +1,5 @@
-policy_module(consoletype,1.6.0)
+policy_module(consoletype, 1.6.0)
########################################
#
@@ -9,8 +9,8 @@ policy_module(consoletype,1.6.0)
type consoletype_t;
type consoletype_exec_t;
application_executable_file(consoletype_exec_t)
-init_domain(consoletype_t,consoletype_exec_t)
-init_system_domain(consoletype_t,consoletype_exec_t)
+init_domain(consoletype_t, consoletype_exec_t)
+init_system_domain(consoletype_t, consoletype_exec_t)
role system_r types consoletype_t;
########################################
diff --git a/policy/modules/admin/ddcprobe.if b/policy/modules/admin/ddcprobe.if
index e3ea6cc..e334a51 100644
--- a/policy/modules/admin/ddcprobe.if
+++ b/policy/modules/admin/ddcprobe.if
@@ -15,7 +15,7 @@ interface(`ddcprobe_domtrans',`
type ddcprobe_t, ddcprobe_exec_t;
')
- domtrans_pattern($1,ddcprobe_exec_t,ddcprobe_t)
+ domtrans_pattern($1, ddcprobe_exec_t, ddcprobe_t)
')
########################################
diff --git a/policy/modules/admin/ddcprobe.te b/policy/modules/admin/ddcprobe.te
index 0a34808..c48d8e8 100644
--- a/policy/modules/admin/ddcprobe.te
+++ b/policy/modules/admin/ddcprobe.te
@@ -1,5 +1,5 @@
-policy_module(ddcprobe,1.1.0)
+policy_module(ddcprobe, 1.1.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(ddcprobe,1.1.0)
type ddcprobe_t;
type ddcprobe_exec_t;
-application_domain(ddcprobe_t,ddcprobe_exec_t)
+application_domain(ddcprobe_t, ddcprobe_exec_t)
role system_r types ddcprobe_t;
########################################
diff --git a/policy/modules/admin/dmesg.if b/policy/modules/admin/dmesg.if
index 71081a8..ba622b6 100644
--- a/policy/modules/admin/dmesg.if
+++ b/policy/modules/admin/dmesg.if
@@ -36,5 +36,5 @@ interface(`dmesg_exec',`
')
corecmd_search_bin($1)
- can_exec($1,dmesg_exec_t)
+ can_exec($1, dmesg_exec_t)
')
diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te
index bb73424..dab491d 100644
--- a/policy/modules/admin/dmesg.te
+++ b/policy/modules/admin/dmesg.te
@@ -8,7 +8,7 @@ policy_module(dmesg, 1.2.0)
type dmesg_t;
type dmesg_exec_t;
-init_system_domain(dmesg_t,dmesg_exec_t)
+init_system_domain(dmesg_t, dmesg_exec_t)
########################################
#
diff --git a/policy/modules/admin/dmidecode.if b/policy/modules/admin/dmidecode.if
index a2c318f..5a7774a 100644
--- a/policy/modules/admin/dmidecode.if
+++ b/policy/modules/admin/dmidecode.if
@@ -15,7 +15,7 @@ interface(`dmidecode_domtrans',`
type dmidecode_t, dmidecode_exec_t;
')
- domain_auto_trans($1,dmidecode_exec_t,dmidecode_t)
+ domain_auto_trans($1, dmidecode_exec_t, dmidecode_t)
allow $1 dmidecode_t:fd use;
allow dmidecode_t $1:fd use;
diff --git a/policy/modules/admin/dmidecode.te b/policy/modules/admin/dmidecode.te
index 6d1ff85..48e3b5f 100644
--- a/policy/modules/admin/dmidecode.te
+++ b/policy/modules/admin/dmidecode.te
@@ -1,5 +1,5 @@
-policy_module(dmidecode,1.3.0)
+policy_module(dmidecode, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(dmidecode,1.3.0)
type dmidecode_t;
type dmidecode_exec_t;
-application_domain(dmidecode_t,dmidecode_exec_t)
+application_domain(dmidecode_t, dmidecode_exec_t)
role system_r types dmidecode_t;
########################################
diff --git a/policy/modules/admin/dpkg.if b/policy/modules/admin/dpkg.if
index 39b0b77..67b78aa 100644
--- a/policy/modules/admin/dpkg.if
+++ b/policy/modules/admin/dpkg.if
@@ -19,7 +19,7 @@ interface(`dpkg_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,dpkg_exec_t,dpkg_t)
+ domtrans_pattern($1, dpkg_exec_t, dpkg_t)
')
########################################
@@ -73,7 +73,7 @@ interface(`dpkg_run',`
dpkg_domtrans($1)
role $2 types dpkg_t;
role $2 types dpkg_script_t;
- seutil_run_loadpolicy(dpkg_script_t,$2,$3)
+ seutil_run_loadpolicy(dpkg_script_t, $2, $3)
allow dpkg_t $3:chr_file rw_term_perms;
')
@@ -166,8 +166,8 @@ interface(`dpkg_read_db',`
files_search_var_lib($1)
allow $1 dpkg_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,dpkg_var_lib_t,dpkg_var_lib_t)
- read_lnk_files_pattern($1,dpkg_var_lib_t,dpkg_var_lib_t)
+ read_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+ read_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
')
########################################
@@ -186,8 +186,8 @@ interface(`dpkg_manage_db',`
')
files_search_var_lib($1)
- manage_files_pattern($1,dpkg_var_lib_t,dpkg_var_lib_t)
- manage_lnk_files_pattern($1,dpkg_var_lib_t,dpkg_var_lib_t)
+ manage_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
+ manage_lnk_files_pattern($1, dpkg_var_lib_t, dpkg_var_lib_t)
')
########################################
diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te
index 4f4beb3..456fca9 100644
--- a/policy/modules/admin/dpkg.te
+++ b/policy/modules/admin/dpkg.te
@@ -1,5 +1,5 @@
-policy_module(dpkg,1.5.0)
+policy_module(dpkg, 1.5.0)
########################################
#
@@ -9,7 +9,7 @@ policy_module(dpkg,1.5.0)
type dpkg_t;
type dpkg_exec_t;
# dpkg can start/stop services
-init_system_domain(dpkg_t,dpkg_exec_t)
+init_system_domain(dpkg_t, dpkg_exec_t)
# dpkg can change file labels, roles, IO
domain_obj_id_change_exemption(dpkg_t)
domain_role_change_exemption(dpkg_t)
@@ -69,20 +69,20 @@ allow dpkg_t self:msg { send receive };
allow dpkg_t dpkg_lock_t:file manage_file_perms;
-manage_dirs_pattern(dpkg_t,dpkg_tmp_t,dpkg_tmp_t)
-manage_files_pattern(dpkg_t,dpkg_tmp_t,dpkg_tmp_t)
+manage_dirs_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
+manage_files_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
files_tmp_filetrans(dpkg_t, dpkg_tmp_t, { file dir })
-manage_dirs_pattern(dpkg_t,dpkg_tmpfs_t,dpkg_tmpfs_t)
-manage_files_pattern(dpkg_t,dpkg_tmpfs_t,dpkg_tmpfs_t)
-manage_lnk_files_pattern(dpkg_t,dpkg_tmpfs_t,dpkg_tmpfs_t)
-manage_sock_files_pattern(dpkg_t,dpkg_tmpfs_t,dpkg_tmpfs_t)
-manage_fifo_files_pattern(dpkg_t,dpkg_tmpfs_t,dpkg_tmpfs_t)
-fs_tmpfs_filetrans(dpkg_t,dpkg_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
+manage_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
+manage_lnk_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
+manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
+manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
+fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Access /var/lib/dpkg files
-manage_files_pattern(dpkg_t,dpkg_var_lib_t,dpkg_var_lib_t)
-files_var_lib_filetrans(dpkg_t,dpkg_var_lib_t,dir)
+manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
+files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
kernel_read_system_state(dpkg_t)
kernel_read_kernel_sysctls(dpkg_t)
@@ -240,7 +240,7 @@ allow dpkg_script_t dpkg_script_tmpfs_t:file manage_file_perms;
allow dpkg_script_t dpkg_script_tmpfs_t:lnk_file manage_lnk_file_perms;
allow dpkg_script_t dpkg_script_tmpfs_t:sock_file manage_sock_file_perms;
allow dpkg_script_t dpkg_script_tmpfs_t:fifo_file manage_fifo_file_perms;
-fs_tmpfs_filetrans(dpkg_script_t,dpkg_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_tmpfs_filetrans(dpkg_script_t, dpkg_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(dpkg_script_t)
kernel_read_system_state(dpkg_script_t)
diff --git a/policy/modules/admin/firstboot.if b/policy/modules/admin/firstboot.if
index 5d1b2ab..6b6b9fa 100644
--- a/policy/modules/admin/firstboot.if
+++ b/policy/modules/admin/firstboot.if
@@ -18,7 +18,7 @@ interface(`firstboot_domtrans',`
type firstboot_t, firstboot_exec_t;
')
- domtrans_pattern($1,firstboot_exec_t,firstboot_t)
+ domtrans_pattern($1, firstboot_exec_t, firstboot_t)
')
########################################
diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index a71c529..93a9c3b 100644
--- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te
@@ -12,7 +12,7 @@ gen_require(`
type firstboot_t;
type firstboot_exec_t;
-init_system_domain(firstboot_t,firstboot_exec_t)
+init_system_domain(firstboot_t, firstboot_exec_t)
domain_obj_id_change_exemption(firstboot_t)
domain_subj_id_change_exemption(firstboot_t)
role system_r types firstboot_t;
diff --git a/policy/modules/admin/kudzu.if b/policy/modules/admin/kudzu.if
index 06f4c11..6fb17f7 100644
--- a/policy/modules/admin/kudzu.if
+++ b/policy/modules/admin/kudzu.if
@@ -15,7 +15,7 @@ interface(`kudzu_domtrans',`
type kudzu_t, kudzu_exec_t;
')
- domtrans_pattern($1,kudzu_exec_t,kudzu_t)
+ domtrans_pattern($1, kudzu_exec_t, kudzu_t)
')
########################################
diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te
index 76d55e9..b641523 100644
--- a/policy/modules/admin/kudzu.te
+++ b/policy/modules/admin/kudzu.te
@@ -8,7 +8,7 @@ policy_module(kudzu, 1.6.0)
type kudzu_t;
type kudzu_exec_t;
-init_system_domain(kudzu_t,kudzu_exec_t)
+init_system_domain(kudzu_t, kudzu_exec_t)
type kudzu_tmp_t;
files_tmp_file(kudzu_tmp_t)
@@ -29,14 +29,14 @@ allow kudzu_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow kudzu_t self:unix_dgram_socket create_socket_perms;
allow kudzu_t self:udp_socket { create ioctl };
-manage_dirs_pattern(kudzu_t,kudzu_tmp_t,kudzu_tmp_t)
-manage_files_pattern(kudzu_t,kudzu_tmp_t,kudzu_tmp_t)
-manage_chr_files_pattern(kudzu_t,kudzu_tmp_t,kudzu_tmp_t)
+manage_dirs_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
+manage_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
+manage_chr_files_pattern(kudzu_t, kudzu_tmp_t, kudzu_tmp_t)
files_tmp_filetrans(kudzu_t, kudzu_tmp_t, { file dir chr_file })
-manage_dirs_pattern(kudzu_t,kudzu_var_run_t,kudzu_var_run_t)
-manage_files_pattern(kudzu_t,kudzu_var_run_t,kudzu_var_run_t)
-files_pid_filetrans(kudzu_t,kudzu_var_run_t,file)
+manage_dirs_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
+manage_files_pattern(kudzu_t, kudzu_var_run_t, kudzu_var_run_t)
+files_pid_filetrans(kudzu_t, kudzu_var_run_t, file)
kernel_change_ring_buffer_level(kudzu_t)
kernel_list_proc(kudzu_t)
diff --git a/policy/modules/admin/logrotate.if b/policy/modules/admin/logrotate.if
index f9efabd..3485d9f 100644
--- a/policy/modules/admin/logrotate.if
+++ b/policy/modules/admin/logrotate.if
@@ -15,7 +15,7 @@ interface(`logrotate_domtrans',`
type logrotate_t, logrotate_exec_t;
')
- domtrans_pattern($1,logrotate_exec_t,logrotate_t)
+ domtrans_pattern($1, logrotate_exec_t, logrotate_t)
')
########################################
@@ -65,7 +65,7 @@ interface(`logrotate_exec',`
type logrotate_exec_t;
')
- can_exec($1,logrotate_exec_t)
+ can_exec($1, logrotate_exec_t)
')
########################################
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index eabf875..d423e9c 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -13,7 +13,7 @@ domain_system_change_exemption(logrotate_t)
role system_r types logrotate_t;
type logrotate_exec_t;
-domain_entry_file(logrotate_t,logrotate_exec_t)
+domain_entry_file(logrotate_t, logrotate_exec_t)
type logrotate_lock_t;
files_lock_file(logrotate_lock_t)
@@ -51,17 +51,17 @@ allow logrotate_t self:msgq create_msgq_perms;
allow logrotate_t self:msg { send receive };
allow logrotate_t logrotate_lock_t:file manage_file_perms;
-files_lock_filetrans(logrotate_t,logrotate_lock_t,file)
+files_lock_filetrans(logrotate_t, logrotate_lock_t, file)
can_exec(logrotate_t, logrotate_tmp_t)
-manage_dirs_pattern(logrotate_t,logrotate_tmp_t,logrotate_tmp_t)
-manage_files_pattern(logrotate_t,logrotate_tmp_t,logrotate_tmp_t)
+manage_dirs_pattern(logrotate_t, logrotate_tmp_t, logrotate_tmp_t)
+manage_files_pattern(logrotate_t, logrotate_tmp_t, logrotate_tmp_t)
files_tmp_filetrans(logrotate_t, logrotate_tmp_t, { file dir })
# for /var/lib/logrotate.status and /var/lib/logcheck
-create_dirs_pattern(logrotate_t,logrotate_var_lib_t,logrotate_var_lib_t)
-manage_files_pattern(logrotate_t,logrotate_var_lib_t,logrotate_var_lib_t)
+create_dirs_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
+manage_files_pattern(logrotate_t, logrotate_var_lib_t, logrotate_var_lib_t)
files_var_lib_filetrans(logrotate_t, logrotate_var_lib_t, file)
kernel_read_system_state(logrotate_t)
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
index eb64316..ef4f944 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -8,7 +8,7 @@ policy_module(logwatch, 1.8.0)
type logwatch_t;
type logwatch_exec_t;
-application_domain(logwatch_t,logwatch_exec_t)
+application_domain(logwatch_t, logwatch_exec_t)
role system_r types logwatch_t;
type logwatch_cache_t;
@@ -30,14 +30,14 @@ allow logwatch_t self:process signal;
allow logwatch_t self:fifo_file rw_file_perms;
allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
-manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
-manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
+manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
+manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
allow logwatch_t logwatch_lock_t:file manage_file_perms;
files_lock_filetrans(logwatch_t,logwatch_lock_t,file)
-manage_dirs_pattern(logwatch_t,logwatch_tmp_t,logwatch_tmp_t)
-manage_files_pattern(logwatch_t,logwatch_tmp_t,logwatch_tmp_t)
+manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
+manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
files_tmp_filetrans(logwatch_t, logwatch_tmp_t, { file dir })
kernel_read_fs_sysctls(logwatch_t)
diff --git a/policy/modules/admin/mrtg.if b/policy/modules/admin/mrtg.if
index b82864f..5970b9c 100644
--- a/policy/modules/admin/mrtg.if
+++ b/policy/modules/admin/mrtg.if
@@ -15,6 +15,6 @@ interface(`mrtg_append_create_logs',`
type mrtg_log_t;
')
- append_files_pattern($1,mrtg_log_t,mrtg_log_t)
- create_files_pattern($1,mrtg_log_t,mrtg_log_t)
+ append_files_pattern($1, mrtg_log_t, mrtg_log_t)
+ create_files_pattern($1, mrtg_log_t, mrtg_log_t)
')
diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te
index 01427ce..df797ad 100644
--- a/policy/modules/admin/mrtg.te
+++ b/policy/modules/admin/mrtg.te
@@ -8,7 +8,7 @@ policy_module(mrtg, 1.4.0)
type mrtg_t;
type mrtg_exec_t;
-init_system_domain(mrtg_t,mrtg_exec_t)
+init_system_domain(mrtg_t, mrtg_exec_t)
type mrtg_etc_t;
files_config_file(mrtg_etc_t)
@@ -39,19 +39,19 @@ allow mrtg_t self:tcp_socket create_socket_perms;
allow mrtg_t self:udp_socket create_socket_perms;
allow mrtg_t mrtg_etc_t:dir list_dir_perms;
-read_files_pattern(mrtg_t,mrtg_etc_t,mrtg_etc_t)
-read_lnk_files_pattern(mrtg_t,mrtg_etc_t,mrtg_etc_t)
+read_files_pattern(mrtg_t, mrtg_etc_t, mrtg_etc_t)
+read_lnk_files_pattern(mrtg_t, mrtg_etc_t, mrtg_etc_t)
dontaudit mrtg_t mrtg_etc_t:dir write;
dontaudit mrtg_t mrtg_etc_t:file { write ioctl };
-manage_files_pattern(mrtg_t,mrtg_lock_t,mrtg_lock_t)
-manage_lnk_files_pattern(mrtg_t,mrtg_lock_t,mrtg_lock_t)
+manage_files_pattern(mrtg_t, mrtg_lock_t, mrtg_lock_t)
+manage_lnk_files_pattern(mrtg_t, mrtg_lock_t, mrtg_lock_t)
-manage_files_pattern(mrtg_t,mrtg_log_t,mrtg_log_t)
-logging_log_filetrans(mrtg_t,mrtg_log_t,{ file dir })
+manage_files_pattern(mrtg_t, mrtg_log_t, mrtg_log_t)
+logging_log_filetrans(mrtg_t, mrtg_log_t, { file dir })
-manage_files_pattern(mrtg_t,mrtg_var_lib_t,mrtg_var_lib_t)
-manage_lnk_files_pattern(mrtg_t,mrtg_var_lib_t,mrtg_var_lib_t)
+manage_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
+manage_lnk_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
allow mrtg_t mrtg_var_run_t:file manage_file_perms;
files_pid_filetrans(mrtg_t,mrtg_var_run_t,file)
@@ -124,7 +124,7 @@ ifdef(`enable_mls',`
ifdef(`distro_redhat',`
allow mrtg_t mrtg_lock_t:file manage_file_perms;
- filetrans_pattern(mrtg_t,mrtg_etc_t,mrtg_lock_t,file)
+ filetrans_pattern(mrtg_t, mrtg_etc_t, mrtg_lock_t, file)
')
optional_policy(`
@@ -132,7 +132,7 @@ optional_policy(`
')
optional_policy(`
- cron_system_entry(mrtg_t,mrtg_exec_t)
+ cron_system_entry(mrtg_t, mrtg_exec_t)
')
optional_policy(`
diff --git a/policy/modules/admin/netutils.if b/policy/modules/admin/netutils.if
index 3025d02..0f65859 100644
--- a/policy/modules/admin/netutils.if
+++ b/policy/modules/admin/netutils.if
@@ -15,7 +15,7 @@ interface(`netutils_domtrans',`
type netutils_t, netutils_exec_t;
')
- domtrans_pattern($1,netutils_exec_t,netutils_t)
+ domtrans_pattern($1, netutils_exec_t, netutils_t)
')
########################################
@@ -65,7 +65,7 @@ interface(`netutils_exec',`
type netutils_exec_t;
')
- can_exec($1,netutils_exec_t)
+ can_exec($1, netutils_exec_t)
')
########################################
@@ -83,7 +83,7 @@ interface(`netutils_domtrans_ping',`
type ping_t, ping_exec_t;
')
- domtrans_pattern($1,ping_exec_t,ping_t)
+ domtrans_pattern($1, ping_exec_t, ping_t)
')
########################################
@@ -205,7 +205,7 @@ interface(`netutils_exec_ping',`
type ping_exec_t;
')
- can_exec($1,ping_exec_t)
+ can_exec($1, ping_exec_t)
')
########################################
@@ -223,7 +223,7 @@ interface(`netutils_domtrans_traceroute',`
type traceroute_t, traceroute_exec_t;
')
- domtrans_pattern($1,traceroute_exec_t,traceroute_t)
+ domtrans_pattern($1, traceroute_exec_t, traceroute_t)
')
########################################
@@ -309,5 +309,5 @@ interface(`netutils_exec_traceroute',`
type traceroute_exec_t;
')
- can_exec($1,traceroute_exec_t)
+ can_exec($1, traceroute_exec_t)
')
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 741e799..d61c1e0 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -1,5 +1,5 @@
-policy_module(netutils,1.6.0)
+policy_module(netutils, 1.6.0)
########################################
#
@@ -11,11 +11,11 @@ policy_module(netutils,1.6.0)
## Control users use of ping and traceroute
##
##
-gen_tunable(user_ping,false)
+gen_tunable(user_ping, false)
type netutils_t;
type netutils_exec_t;
-init_system_domain(netutils_t,netutils_exec_t)
+init_system_domain(netutils_t, netutils_exec_t)
role system_r types netutils_t;
type netutils_tmp_t;
@@ -23,12 +23,12 @@ files_tmp_file(netutils_tmp_t)
type ping_t;
type ping_exec_t;
-init_system_domain(ping_t,ping_exec_t)
+init_system_domain(ping_t, ping_exec_t)
role system_r types ping_t;
type traceroute_t;
type traceroute_exec_t;
-init_system_domain(traceroute_t,traceroute_exec_t)
+init_system_domain(traceroute_t, traceroute_exec_t)
role system_r types traceroute_t;
########################################
@@ -45,8 +45,8 @@ allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms;
allow netutils_t self:tcp_socket create_stream_socket_perms;
-manage_dirs_pattern(netutils_t,netutils_tmp_t,netutils_tmp_t)
-manage_files_pattern(netutils_t,netutils_tmp_t,netutils_tmp_t)
+manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
+manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
kernel_search_proc(netutils_t)
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index ffa8e29..1818e03 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -28,7 +28,7 @@ interface(`portage_domtrans',`
allow portage_t $1:process sigchld;
# transition to portage
- domtrans_pattern($1,portage_exec_t,portage_t.merge)
+ domtrans_pattern($1, portage_exec_t, portage_t.merge)
')
########################################
@@ -127,20 +127,20 @@ interface(`portage_compile_domain',`
allow $1 portage_log_t:file { append write setattr };
# run scripts out of the build directory
- can_exec(portage_sandbox_t,portage_tmp_t)
+ can_exec(portage_sandbox_t, portage_tmp_t)
- manage_dirs_pattern($1,portage_tmp_t,portage_tmp_t)
- manage_files_pattern($1,portage_tmp_t,portage_tmp_t)
- manage_lnk_files_pattern($1,portage_tmp_t,portage_tmp_t)
- manage_fifo_files_pattern($1,portage_tmp_t,portage_tmp_t)
- manage_sock_files_pattern($1,portage_tmp_t,portage_tmp_t)
- files_tmp_filetrans($1,portage_tmp_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1, portage_tmp_t, portage_tmp_t)
+ manage_files_pattern($1, portage_tmp_t, portage_tmp_t)
+ manage_lnk_files_pattern($1, portage_tmp_t, portage_tmp_t)
+ manage_fifo_files_pattern($1, portage_tmp_t, portage_tmp_t)
+ manage_sock_files_pattern($1, portage_tmp_t, portage_tmp_t)
+ files_tmp_filetrans($1, portage_tmp_t, { dir file lnk_file sock_file fifo_file })
- manage_files_pattern($1,portage_tmpfs_t,portage_tmpfs_t)
- manage_lnk_files_pattern($1,portage_tmpfs_t,portage_tmpfs_t)
- manage_fifo_files_pattern($1,portage_tmpfs_t,portage_tmpfs_t)
- manage_sock_files_pattern($1,portage_tmpfs_t,portage_tmpfs_t)
- fs_tmpfs_filetrans($1,portage_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+ manage_lnk_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+ manage_fifo_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+ manage_sock_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
+ fs_tmpfs_filetrans($1, portage_tmpfs_t, { dir file lnk_file sock_file fifo_file })
kernel_read_system_state($1)
kernel_read_network_state($1)
@@ -232,13 +232,13 @@ interface(`portage_fetch_domain',`
allow $1 self:tcp_socket create_stream_socket_perms;
allow $1 portage_conf_t:dir list_dir_perms;
- read_files_pattern($1,portage_conf_t,portage_conf_t)
+ read_files_pattern($1, portage_conf_t, portage_conf_t)
- manage_dirs_pattern($1,portage_ebuild_t,portage_ebuild_t)
- manage_files_pattern($1,portage_ebuild_t,portage_ebuild_t)
+ manage_dirs_pattern($1, portage_ebuild_t, portage_ebuild_t)
+ manage_files_pattern($1, portage_ebuild_t, portage_ebuild_t)
- manage_dirs_pattern($1,portage_fetch_tmp_t,portage_fetch_tmp_t)
- manage_files_pattern($1,portage_fetch_tmp_t,portage_fetch_tmp_t)
+ manage_dirs_pattern($1, portage_fetch_tmp_t, portage_fetch_tmp_t)
+ manage_files_pattern($1, portage_fetch_tmp_t, portage_fetch_tmp_t)
# portage makes home dir the portage tmp dir, so
# wget looks for .wgetrc there
@@ -309,10 +309,10 @@ interface(`portage_main_domain',`
portage_compile_domain($1)
allow $1 portage_log_t:file manage_file_perms;
- logging_log_filetrans($1,portage_log_t,file)
+ logging_log_filetrans($1, portage_log_t, file)
# run scripts out of the build directory
- can_exec($1,portage_tmp_t)
+ can_exec($1, portage_tmp_t)
# merging baselayout will need this:
kernel_write_proc_files($1)
@@ -378,7 +378,7 @@ interface(`portage_domtrans_gcc_config',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,gcc_config_exec_t,gcc_config_t)
+ domtrans_pattern($1, gcc_config_exec_t, gcc_config_t)
')
########################################
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 17b152d..d6e817a 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -8,18 +8,18 @@ policy_module(portage, 1.6.0)
type gcc_config_t;
type gcc_config_exec_t;
-application_domain(gcc_config_t,gcc_config_exec_t)
+application_domain(gcc_config_t, gcc_config_exec_t)
# constraining type
type portage_t;
type portage_exec_t;
-application_domain(portage_t,portage_exec_t)
+application_domain(portage_t, portage_exec_t)
rsync_entry_type(portage_t)
corecmd_shell_entry_type(portage_t)
# portage domain for merging packages to the live fs
type portage_t.merge;
-application_domain(portage_t.merge,portage_exec_t)
+application_domain(portage_t.merge, portage_exec_t)
domain_obj_id_change_exemption(portage_t.merge)
# portage compile sandbox domain
@@ -70,12 +70,12 @@ files_tmpfs_file(portage_tmpfs_t)
allow gcc_config_t self:capability { chown fsetid };
allow gcc_config_t self:fifo_file rw_file_perms;
-manage_files_pattern(gcc_config_t,portage_cache_t,portage_cache_t)
+manage_files_pattern(gcc_config_t, portage_cache_t, portage_cache_t)
-read_files_pattern(gcc_config_t,portage_conf_t,portage_conf_t)
+read_files_pattern(gcc_config_t, portage_conf_t, portage_conf_t)
allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
-read_files_pattern(gcc_config_t,portage_ebuild_t,portage_ebuild_t)
+read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
allow gcc_config_t portage_exec_t:file { execute getattr };
@@ -127,8 +127,8 @@ portage_compile_domain(portage_t)
portage_fetch_domain(portage_t)
# transition between child domains on shells and rsync
-corecmd_shell_spec_domtrans(portage_t,portage_t)
-rsync_entry_spec_domtrans(portage_t,portage_t)
+corecmd_shell_spec_domtrans(portage_t, portage_t)
+rsync_entry_spec_domtrans(portage_t, portage_t)
########################################
#
@@ -144,14 +144,14 @@ allow portage_t.merge { portage_t.fetch portage_t.sandbox }:process signal;
# transition for rsync and wget
corecmd_shell_spec_domtrans(portage_t.merge,portage_t.fetch)
-rsync_entry_domtrans(portage_t.merge,portage_t.fetch)
+rsync_entry_domtrans(portage_t.merge, portage_t.fetch)
allow portage_t.fetch portage_t.merge:fd use;
allow portage_t.fetch portage_t.merge:fifo_file rw_file_perms;
allow portage_t.fetch portage_t.merge:process sigchld;
# transition to sandbox for compiling
-domain_trans(portage_t.merge,portage_exec_t,portage_t.sandbox)
-corecmd_shell_spec_domtrans(portage_t.merge,portage_t.sandbox)
+domain_trans(portage_t.merge, portage_exec_t, portage_t.sandbox)
+corecmd_shell_spec_domtrans(portage_t.merge, portage_t.sandbox)
allow portage_t.sandbox portage_t.merge:fd use;
allow portage_t.sandbox portage_t.merge:fifo_file rw_file_perms;
allow portage_t.sandbox portage_t.merge:process sigchld;
diff --git a/policy/modules/admin/prelink.if b/policy/modules/admin/prelink.if
index cd667b6..94bd0f3 100644
--- a/policy/modules/admin/prelink.if
+++ b/policy/modules/admin/prelink.if
@@ -124,5 +124,5 @@ interface(`prelink_manage_log',`
')
logging_search_logs($1)
- manage_files_pattern($1,prelink_log_t,prelink_log_t)
+ manage_files_pattern($1, prelink_log_t, prelink_log_t)
')
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index cf60153..73b6233 100644
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -1,5 +1,5 @@
-policy_module(prelink,1.5.0)
+policy_module(prelink, 1.5.0)
########################################
#
@@ -9,7 +9,7 @@ attribute prelink_object;
type prelink_t;
type prelink_exec_t;
-init_system_domain(prelink_t,prelink_exec_t)
+init_system_domain(prelink_t, prelink_exec_t)
domain_obj_id_change_exemption(prelink_t)
type prelink_cache_t;
@@ -35,9 +35,9 @@ files_etc_filetrans(prelink_t, prelink_cache_t, file)
files_var_lib_filetrans(prelink_t, prelink_cache_t, file)
allow prelink_t prelink_log_t:dir setattr;
-create_files_pattern(prelink_t,prelink_log_t,prelink_log_t)
-append_files_pattern(prelink_t,prelink_log_t,prelink_log_t)
-read_lnk_files_pattern(prelink_t,prelink_log_t,prelink_log_t)
+create_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
+append_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
+read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
logging_log_filetrans(prelink_t, prelink_log_t, file)
allow prelink_t prelink_tmp_t:file { manage_file_perms execute relabelfrom };
diff --git a/policy/modules/admin/quota.if b/policy/modules/admin/quota.if
index 9f4618e..8eae304 100644
--- a/policy/modules/admin/quota.if
+++ b/policy/modules/admin/quota.if
@@ -15,7 +15,7 @@ interface(`quota_domtrans',`
type quota_t, quota_exec_t;
')
- domtrans_pattern($1,quota_exec_t,quota_t)
+ domtrans_pattern($1, quota_exec_t, quota_t)
')
########################################
@@ -86,5 +86,5 @@ interface(`quota_manage_flags',`
')
files_search_var_lib($1)
- manage_files_pattern($1,quota_flag_t,quota_flag_t)
+ manage_files_pattern($1, quota_flag_t, quota_flag_t)
')
diff --git a/policy/modules/admin/quota.te b/policy/modules/admin/quota.te
index 1c4b1fe..39d2336 100644
--- a/policy/modules/admin/quota.te
+++ b/policy/modules/admin/quota.te
@@ -1,5 +1,5 @@
-policy_module(quota,1.3.0)
+policy_module(quota, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(quota,1.3.0)
type quota_t;
type quota_exec_t;
-init_system_domain(quota_t,quota_exec_t)
+init_system_domain(quota_t, quota_exec_t)
type quota_db_t;
files_type(quota_db_t)
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 63e3990..bb944c4 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -8,8 +8,8 @@ policy_module(readahead, 1.6.0)
type readahead_t;
type readahead_exec_t;
-init_daemon_domain(readahead_t,readahead_exec_t)
-application_domain(readahead_t,readahead_exec_t)
+init_daemon_domain(readahead_t, readahead_exec_t)
+application_domain(readahead_t, readahead_exec_t)
type readahead_etc_rw_t;
files_pid_file(readahead_etc_rw_t)
@@ -26,10 +26,10 @@ allow readahead_t self:capability { dac_override dac_read_search };
dontaudit readahead_t self:capability sys_tty_config;
allow readahead_t self:process signal_perms;
-manage_files_pattern(readahead_t,readahead_etc_rw_t,readahead_etc_rw_t)
+manage_files_pattern(readahead_t, readahead_etc_rw_t, readahead_etc_rw_t)
-manage_files_pattern(readahead_t,readahead_var_run_t,readahead_var_run_t)
-files_pid_filetrans(readahead_t,readahead_var_run_t,file)
+manage_files_pattern(readahead_t, readahead_var_run_t, readahead_var_run_t)
+files_pid_filetrans(readahead_t, readahead_var_run_t, file)
kernel_read_kernel_sysctls(readahead_t)
kernel_read_system_state(readahead_t)
diff --git a/policy/modules/admin/rpm.if b/policy/modules/admin/rpm.if
index 08d7809..e115154 100644
--- a/policy/modules/admin/rpm.if
+++ b/policy/modules/admin/rpm.if
@@ -17,7 +17,7 @@ interface(`rpm_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,rpm_exec_t,rpm_t)
+ domtrans_pattern($1, rpm_exec_t, rpm_t)
')
########################################
@@ -71,9 +71,9 @@ interface(`rpm_run',`
rpm_domtrans($1)
role $2 types rpm_t;
role $2 types rpm_script_t;
- seutil_run_loadpolicy(rpm_script_t,$2,$3)
- seutil_run_semanage(rpm_script_t,$2,$3)
- seutil_run_setfiles(rpm_script_t,$2,$3)
+ seutil_run_loadpolicy(rpm_script_t, $2, $3)
+ seutil_run_semanage(rpm_script_t, $2, $3)
+ seutil_run_setfiles(rpm_script_t, $2, $3)
allow rpm_t $3:chr_file rw_term_perms;
')
@@ -93,7 +93,7 @@ interface(`rpm_exec',`
')
corecmd_search_bin($1)
- can_exec($1,rpm_exec_t)
+ can_exec($1, rpm_exec_t)
')
########################################
@@ -225,7 +225,7 @@ interface(`rpm_manage_script_tmp_files',`
')
files_search_tmp($1)
- manage_files_pattern($1,rpm_script_tmp_t,rpm_script_tmp_t)
+ manage_files_pattern($1, rpm_script_tmp_t, rpm_script_tmp_t)
')
########################################
@@ -245,8 +245,8 @@ interface(`rpm_read_db',`
files_search_var_lib($1)
allow $1 rpm_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,rpm_var_lib_t,rpm_var_lib_t)
- read_lnk_files_pattern($1,rpm_var_lib_t,rpm_var_lib_t)
+ read_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+ read_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
')
########################################
@@ -265,8 +265,8 @@ interface(`rpm_manage_db',`
')
files_search_var_lib($1)
- manage_files_pattern($1,rpm_var_lib_t,rpm_var_lib_t)
- manage_lnk_files_pattern($1,rpm_var_lib_t,rpm_var_lib_t)
+ manage_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
+ manage_lnk_files_pattern($1, rpm_var_lib_t, rpm_var_lib_t)
')
########################################
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 485615f..ce325ba 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -1,5 +1,5 @@
-policy_module(rpm,1.8.0)
+policy_module(rpm, 1.8.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(rpm,1.8.0)
type rpm_t;
type rpm_exec_t;
-init_system_domain(rpm_t,rpm_exec_t)
+init_system_domain(rpm_t, rpm_exec_t)
domain_obj_id_change_exemption(rpm_t)
domain_role_change_exemption(rpm_t)
domain_system_change_exemption(rpm_t)
@@ -37,7 +37,7 @@ domain_obj_id_change_exemption(rpm_script_t)
domain_system_change_exemption(rpm_script_t)
corecmd_shell_entry_type(rpm_script_t)
domain_type(rpm_script_t)
-domain_entry_file(rpm_t,rpm_script_exec_t)
+domain_entry_file(rpm_t, rpm_script_exec_t)
domain_interactive_fd(rpm_script_t)
role system_r types rpm_script_t;
@@ -72,22 +72,22 @@ allow rpm_t self:dir search;
allow rpm_t self:file rw_file_perms;;
allow rpm_t rpm_log_t:file manage_file_perms;
-logging_log_filetrans(rpm_t,rpm_log_t,file)
+logging_log_filetrans(rpm_t, rpm_log_t, file)
-manage_dirs_pattern(rpm_t,rpm_tmp_t,rpm_tmp_t)
-manage_files_pattern(rpm_t,rpm_tmp_t,rpm_tmp_t)
+manage_dirs_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
+manage_files_pattern(rpm_t, rpm_tmp_t, rpm_tmp_t)
files_tmp_filetrans(rpm_t, rpm_tmp_t, { file dir })
-manage_dirs_pattern(rpm_t,rpm_tmpfs_t,rpm_tmpfs_t)
-manage_files_pattern(rpm_t,rpm_tmpfs_t,rpm_tmpfs_t)
-manage_lnk_files_pattern(rpm_t,rpm_tmpfs_t,rpm_tmpfs_t)
-manage_fifo_files_pattern(rpm_t,rpm_tmpfs_t,rpm_tmpfs_t)
-manage_sock_files_pattern(rpm_t,rpm_tmpfs_t,rpm_tmpfs_t)
-fs_tmpfs_filetrans(rpm_t,rpm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
+manage_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
+manage_lnk_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
+manage_fifo_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
+manage_sock_files_pattern(rpm_t, rpm_tmpfs_t, rpm_tmpfs_t)
+fs_tmpfs_filetrans(rpm_t, rpm_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Access /var/lib/rpm files
-manage_files_pattern(rpm_t,rpm_var_lib_t,rpm_var_lib_t)
-files_var_lib_filetrans(rpm_t,rpm_var_lib_t,dir)
+manage_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
+files_var_lib_filetrans(rpm_t, rpm_var_lib_t, dir)
kernel_read_system_state(rpm_t)
kernel_read_kernel_sysctls(rpm_t)
@@ -175,7 +175,7 @@ seutil_manage_bin_policy(rpm_t)
userdom_use_unpriv_users_fds(rpm_t)
optional_policy(`
- cron_system_entry(rpm_t,rpm_exec_t)
+ cron_system_entry(rpm_t, rpm_exec_t)
')
optional_policy(`
@@ -231,16 +231,16 @@ allow rpm_script_t self:msg { send receive };
allow rpm_script_t rpm_tmp_t:file read_file_perms;
allow rpm_script_t rpm_script_tmp_t:dir mounton;
-manage_dirs_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t)
-manage_files_pattern(rpm_script_t,rpm_script_tmp_t,rpm_script_tmp_t)
+manage_dirs_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
+manage_files_pattern(rpm_script_t, rpm_script_tmp_t, rpm_script_tmp_t)
files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir })
-manage_dirs_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-manage_files_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-manage_lnk_files_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-manage_fifo_files_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-manage_sock_files_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t)
-fs_tmpfs_filetrans(rpm_script_t,rpm_script_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+manage_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+manage_lnk_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+manage_fifo_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+manage_sock_files_pattern(rpm_script_t, rpm_script_tmpfs_t, rpm_script_tmpfs_t)
+fs_tmpfs_filetrans(rpm_script_t, rpm_script_tmpfs_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(rpm_script_t)
kernel_read_system_state(rpm_script_t)
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 28c5785..d8c2029 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -34,7 +34,7 @@ template(`su_restricted_domain_template', `
')
type $1_su_t;
- domain_entry_file($1_su_t,su_exec_t)
+ domain_entry_file($1_su_t, su_exec_t)
domain_type($1_su_t)
domain_interactive_fd($1_su_t)
role $3 types $1_su_t;
@@ -185,7 +185,7 @@ template(`su_per_role_template',`
domtrans_pattern($2, su_exec_t, $1_su_t)
# By default, revert to the calling domain when a shell is executed.
- corecmd_shell_domtrans($1_su_t,$2)
+ corecmd_shell_domtrans($1_su_t, $2)
allow $2 $1_su_t:fd use;
allow $2 $1_su_t:fifo_file rw_file_perms;
allow $2 $1_su_t:process sigchld;
@@ -203,7 +203,7 @@ template(`su_per_role_template',`
# needed for pam_rootok
selinux_compute_access_vector($1_su_t)
- auth_domtrans_user_chk_passwd($1,$1_su_t)
+ auth_domtrans_user_chk_passwd($1, $1_su_t)
auth_dontaudit_read_shadow($1_su_t)
auth_use_nsswitch($1_su_t)
auth_rw_faillog($1_su_t)
@@ -230,8 +230,8 @@ template(`su_per_role_template',`
miscfiles_read_localization($1_su_t)
- userdom_use_user_terminals($1,$1_su_t)
- userdom_search_user_home_dirs($1,$1_su_t)
+ userdom_use_user_terminals($1, $1_su_t)
+ userdom_search_user_home_dirs($1, $1_su_t)
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
@@ -319,5 +319,5 @@ interface(`su_exec',`
type su_exec_t;
')
- can_exec($1,su_exec_t)
+ can_exec($1, su_exec_t)
')
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
index 3ca97aa..696a768 100644
--- a/policy/modules/admin/su.te
+++ b/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
-policy_module(su,1.8.0)
+policy_module(su, 1.8.0)
########################################
#
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index edf08ed..3a73b84 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -45,7 +45,7 @@ template(`sudo_per_role_template',`
#
type $1_sudo_t;
- application_domain($1_sudo_t,sudo_exec_t)
+ application_domain($1_sudo_t, sudo_exec_t)
domain_interactive_fd($1_sudo_t)
role $3 types $1_sudo_t;
@@ -74,7 +74,7 @@ template(`sudo_per_role_template',`
domtrans_pattern($2, sudo_exec_t, $1_sudo_t)
# By default, revert to the calling domain when a shell is executed.
- corecmd_shell_domtrans($1_sudo_t,$2)
+ corecmd_shell_domtrans($1_sudo_t, $2)
allow $2 $1_sudo_t:fd use;
allow $2 $1_sudo_t:fifo_file rw_file_perms;
allow $2 $1_sudo_t:process sigchld;
@@ -116,11 +116,11 @@ template(`sudo_per_role_template',`
miscfiles_read_localization($1_sudo_t)
- userdom_manage_user_home_content_files($1,$1_sudo_t)
- userdom_manage_user_home_content_symlinks($1,$1_sudo_t)
- userdom_manage_user_tmp_files($1,$1_sudo_t)
- userdom_manage_user_tmp_symlinks($1,$1_sudo_t)
- userdom_use_user_terminals($1,$1_sudo_t)
+ userdom_manage_user_home_content_files($1, $1_sudo_t)
+ userdom_manage_user_home_content_symlinks($1, $1_sudo_t)
+ userdom_manage_user_tmp_files($1, $1_sudo_t)
+ userdom_manage_user_tmp_symlinks($1, $1_sudo_t)
+ userdom_use_user_terminals($1, $1_sudo_t)
userdom_use_unpriv_users_fds($1_sudo_t)
# for some PAM modules and for cwd
userdom_dontaudit_search_all_users_home_content($1_sudo_t)
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index d806074..6af4f6d 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,5 +1,5 @@
-policy_module(sudo,1.3.0)
+policy_module(sudo, 1.3.0)
########################################
#
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
index 465e3b2..406f0f5 100644
--- a/policy/modules/admin/sxid.te
+++ b/policy/modules/admin/sxid.te
@@ -1,5 +1,5 @@
-policy_module(sxid,1.4.0)
+policy_module(sxid, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(sxid,1.4.0)
type sxid_t;
type sxid_exec_t;
-application_domain(sxid_t,sxid_exec_t)
+application_domain(sxid_t, sxid_exec_t)
type sxid_log_t;
logging_log_file(sxid_log_t)
@@ -31,8 +31,8 @@ allow sxid_t self:udp_socket create_socket_perms;
allow sxid_t sxid_log_t:file manage_file_perms;
logging_log_filetrans(sxid_t,sxid_log_t,file)
-manage_dirs_pattern(sxid_t,sxid_tmp_t,sxid_tmp_t)
-manage_files_pattern(sxid_t,sxid_tmp_t,sxid_tmp_t)
+manage_dirs_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
+manage_files_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
files_tmp_filetrans(sxid_t, sxid_tmp_t, { file dir })
kernel_read_system_state(sxid_t)
@@ -86,7 +86,7 @@ sysnet_read_config(sxid_t)
userdom_dontaudit_use_unpriv_user_fds(sxid_t)
-cron_system_entry(sxid_t,sxid_exec_t)
+cron_system_entry(sxid_t, sxid_exec_t)
optional_policy(`
mta_send_mail(sxid_t)
diff --git a/policy/modules/admin/tmpreaper.if b/policy/modules/admin/tmpreaper.if
index 1fc0d7a..cf65849 100644
--- a/policy/modules/admin/tmpreaper.if
+++ b/policy/modules/admin/tmpreaper.if
@@ -17,5 +17,5 @@ interface(`tmpreaper_exec',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,tmpreaper_exec_t)
+ can_exec($1, tmpreaper_exec_t)
')
diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te
index eabe894..f128926 100644
--- a/policy/modules/admin/tmpreaper.te
+++ b/policy/modules/admin/tmpreaper.te
@@ -1,5 +1,5 @@
-policy_module(tmpreaper,1.3.0)
+policy_module(tmpreaper, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(tmpreaper,1.3.0)
type tmpreaper_t;
type tmpreaper_exec_t;
-application_domain(tmpreaper_t,tmpreaper_exec_t)
+application_domain(tmpreaper_t, tmpreaper_exec_t)
role system_r types tmpreaper_t;
########################################
@@ -40,7 +40,7 @@ logging_send_syslog_msg(tmpreaper_t)
miscfiles_read_localization(tmpreaper_t)
miscfiles_delete_man_pages(tmpreaper_t)
-cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
+cron_system_entry(tmpreaper_t, tmpreaper_exec_t)
optional_policy(`
lpd_manage_spool(tmpreaper_t)
diff --git a/policy/modules/admin/tripwire.if b/policy/modules/admin/tripwire.if
index 2f2daf8..2bbae12 100644
--- a/policy/modules/admin/tripwire.if
+++ b/policy/modules/admin/tripwire.if
@@ -28,7 +28,7 @@ interface(`tripwire_domtrans_tripwire',`
type tripwire_t, tripwire_exec_t;
')
- domtrans_pattern($1,tripwire_exec_t,tripwire_t)
+ domtrans_pattern($1, tripwire_exec_t, tripwire_t)
')
########################################
@@ -78,7 +78,7 @@ interface(`tripwire_domtrans_twadmin',`
type twadmin_t, twadmin_exec_t;
')
- domtrans_pattern($1,twadmin_exec_t,twadmin_t)
+ domtrans_pattern($1, twadmin_exec_t, twadmin_t)
')
########################################
@@ -128,7 +128,7 @@ interface(`tripwire_domtrans_twprint',`
type twprint_t, twprint_exec_t;
')
- domtrans_pattern($1,twprint_exec_t,twprint_t)
+ domtrans_pattern($1, twprint_exec_t, twprint_t)
')
########################################
@@ -178,7 +178,7 @@ interface(`tripwire_domtrans_siggen',`
type siggen_t, siggen_exec_t;
')
- domtrans_pattern($1,siggen_exec_t,siggen_t)
+ domtrans_pattern($1, siggen_exec_t, siggen_t)
')
########################################
diff --git a/policy/modules/admin/tripwire.te b/policy/modules/admin/tripwire.te
index 4ede89c..0ed471d 100644
--- a/policy/modules/admin/tripwire.te
+++ b/policy/modules/admin/tripwire.te
@@ -1,5 +1,5 @@
-policy_module(tripwire,1.1.0)
+policy_module(tripwire, 1.1.0)
########################################
#
@@ -8,11 +8,11 @@ policy_module(tripwire,1.1.0)
type siggen_t;
type siggen_exec_t;
-application_domain(siggen_t,siggen_exec_t)
+application_domain(siggen_t, siggen_exec_t)
type tripwire_t;
type tripwire_exec_t;
-application_domain(tripwire_t,tripwire_exec_t)
+application_domain(tripwire_t, tripwire_exec_t)
role system_r types tripwire_t;
type tripwire_etc_t;
@@ -29,11 +29,11 @@ files_type(tripwire_var_lib_t)
type twadmin_t;
type twadmin_exec_t;
-application_domain(twadmin_t,twadmin_exec_t)
+application_domain(twadmin_t, twadmin_exec_t)
type twprint_t;
type twprint_exec_t;
-application_domain(twprint_t,twprint_exec_t)
+application_domain(twprint_t, twprint_exec_t)
########################################
#
@@ -43,24 +43,24 @@ application_domain(twprint_t,twprint_exec_t)
allow tripwire_t self:capability { setgid setuid dac_override };
allow tripwire_t tripwire_etc_t:dir list_dir_perms;
-read_files_pattern(tripwire_t,tripwire_etc_t,tripwire_etc_t)
-read_lnk_files_pattern(tripwire_t,tripwire_etc_t,tripwire_etc_t)
+read_files_pattern(tripwire_t, tripwire_etc_t, tripwire_etc_t)
+read_lnk_files_pattern(tripwire_t, tripwire_etc_t, tripwire_etc_t)
files_search_etc(tripwire_t)
# Tripwire report files
-manage_dirs_pattern(tripwire_t,tripwire_report_t,tripwire_report_t)
-manage_files_pattern(tripwire_t,tripwire_report_t,tripwire_report_t)
-manage_lnk_files_pattern(tripwire_t,tripwire_report_t,tripwire_report_t)
+manage_dirs_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
+manage_files_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
+manage_lnk_files_pattern(tripwire_t, tripwire_report_t, tripwire_report_t)
-manage_dirs_pattern(tripwire_t,tripwire_tmp_t,tripwire_tmp_t)
-manage_files_pattern(tripwire_t,tripwire_tmp_t,tripwire_tmp_t)
-manage_lnk_files_pattern(tripwire_t,tripwire_tmp_t,tripwire_tmp_t)
-manage_fifo_files_pattern(tripwire_t,tripwire_tmp_t,tripwire_tmp_t)
-manage_sock_files_pattern(tripwire_t,tripwire_tmp_t,tripwire_tmp_t)
-files_tmp_filetrans(tripwire_t,tripwire_tmp_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
+manage_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
+manage_lnk_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
+manage_fifo_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
+manage_sock_files_pattern(tripwire_t, tripwire_tmp_t, tripwire_tmp_t)
+files_tmp_filetrans(tripwire_t, tripwire_tmp_t,{ dir file lnk_file sock_file fifo_file })
-manage_files_pattern(tripwire_t,tripwire_var_lib_t,tripwire_var_lib_t)
-files_var_lib_filetrans(tripwire_t,tripwire_var_lib_t,file)
+manage_files_pattern(tripwire_t, tripwire_var_lib_t, tripwire_var_lib_t)
+files_var_lib_filetrans(tripwire_t, tripwire_var_lib_t, file)
kernel_read_system_state(tripwire_t)
kernel_read_network_state(tripwire_t)
@@ -85,7 +85,7 @@ libs_use_shared_libs(tripwire_t)
logging_send_syslog_msg(tripwire_t)
optional_policy(`
- cron_system_entry(tripwire_t,tripwire_exec_t)
+ cron_system_entry(tripwire_t, tripwire_exec_t)
')
########################################
@@ -93,9 +93,9 @@ optional_policy(`
# Twadmin local policy
#
-manage_dirs_pattern(twadmin_t,tripwire_etc_t,tripwire_etc_t)
-manage_files_pattern(twadmin_t,tripwire_etc_t,tripwire_etc_t)
-manage_lnk_files_pattern(twadmin_t,tripwire_etc_t,tripwire_etc_t)
+manage_dirs_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
+manage_files_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
+manage_lnk_files_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t)
domain_use_interactive_fds(twadmin_t)
@@ -112,16 +112,16 @@ miscfiles_read_localization(twadmin_t)
#
allow twprint_t tripwire_etc_t:dir list_dir_perms;
-read_files_pattern(twprint_t,tripwire_etc_t,tripwire_etc_t)
-read_lnk_files_pattern(twprint_t,tripwire_etc_t,tripwire_etc_t)
+read_files_pattern(twprint_t, tripwire_etc_t, tripwire_etc_t)
+read_lnk_files_pattern(twprint_t, tripwire_etc_t, tripwire_etc_t)
allow twprint_t tripwire_report_t:dir list_dir_perms;
-read_files_pattern(twprint_t,tripwire_report_t,tripwire_report_t)
-read_lnk_files_pattern(twprint_t,tripwire_report_t,tripwire_report_t)
+read_files_pattern(twprint_t, tripwire_report_t, tripwire_report_t)
+read_lnk_files_pattern(twprint_t, tripwire_report_t, tripwire_report_t)
allow twprint_t tripwire_var_lib_t:dir list_dir_perms;
-read_files_pattern(twprint_t,tripwire_var_lib_t,tripwire_var_lib_t)
-read_lnk_files_pattern(twprint_t,tripwire_var_lib_t,tripwire_var_lib_t)
+read_files_pattern(twprint_t, tripwire_var_lib_t, tripwire_var_lib_t)
+read_lnk_files_pattern(twprint_t, tripwire_var_lib_t, tripwire_var_lib_t)
files_search_var_lib(twprint_t)
domain_use_interactive_fds(twprint_t)
diff --git a/policy/modules/admin/tzdata.if b/policy/modules/admin/tzdata.if
index 747bf4a..f6e3b89 100644
--- a/policy/modules/admin/tzdata.if
+++ b/policy/modules/admin/tzdata.if
@@ -15,7 +15,7 @@ interface(`tzdata_domtrans',`
type tzdata_t, tzdata_exec_t;
')
- domtrans_pattern($1,tzdata_exec_t,tzdata_t)
+ domtrans_pattern($1, tzdata_exec_t, tzdata_t)
')
########################################
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
index f6996d5..6f19990 100644
--- a/policy/modules/admin/tzdata.te
+++ b/policy/modules/admin/tzdata.te
@@ -1,5 +1,5 @@
-policy_module(tzdata,1.2.0)
+policy_module(tzdata, 1.2.0)
########################################
#
diff --git a/policy/modules/admin/updfstab.if b/policy/modules/admin/updfstab.if
index d96bd07..d98bb72 100644
--- a/policy/modules/admin/updfstab.if
+++ b/policy/modules/admin/updfstab.if
@@ -17,5 +17,5 @@ interface(`updfstab_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,updfstab_exec_t,updfstab_t)
+ domtrans_pattern($1, updfstab_exec_t, updfstab_t)
')
diff --git a/policy/modules/admin/updfstab.te b/policy/modules/admin/updfstab.te
index e576a53..ccb521f 100644
--- a/policy/modules/admin/updfstab.te
+++ b/policy/modules/admin/updfstab.te
@@ -1,5 +1,5 @@
-policy_module(updfstab,1.4.0)
+policy_module(updfstab, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(updfstab,1.4.0)
type updfstab_t;
type updfstab_exec_t;
-init_system_domain(updfstab_t,updfstab_exec_t)
+init_system_domain(updfstab_t, updfstab_exec_t)
########################################
#
@@ -89,7 +89,7 @@ optional_policy(`
optional_policy(`
init_dbus_chat_script(updfstab_t)
- dbus_system_bus_client_template(updfstab,updfstab_t)
+ dbus_system_bus_client_template(updfstab, updfstab_t)
')
optional_policy(`
diff --git a/policy/modules/admin/usbmodules.te b/policy/modules/admin/usbmodules.te
index 4c7bb32..0886322 100644
--- a/policy/modules/admin/usbmodules.te
+++ b/policy/modules/admin/usbmodules.te
@@ -1,5 +1,5 @@
-policy_module(usbmodules,1.1.0)
+policy_module(usbmodules, 1.1.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(usbmodules,1.1.0)
type usbmodules_t;
type usbmodules_exec_t;
-init_system_domain(usbmodules_t,usbmodules_exec_t)
+init_system_domain(usbmodules_t, usbmodules_exec_t)
role system_r types usbmodules_t;
########################################
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if
index 8b18379..900d377 100644
--- a/policy/modules/admin/usermanage.if
+++ b/policy/modules/admin/usermanage.if
@@ -17,7 +17,7 @@ interface(`usermanage_domtrans_chfn',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,chfn_exec_t,chfn_t)
+ domtrans_pattern($1, chfn_exec_t, chfn_t)
')
########################################
@@ -68,7 +68,7 @@ interface(`usermanage_domtrans_groupadd',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,groupadd_exec_t,groupadd_t)
+ domtrans_pattern($1, groupadd_exec_t, groupadd_t)
')
########################################
@@ -124,7 +124,7 @@ interface(`usermanage_domtrans_passwd',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,passwd_exec_t,passwd_t)
+ domtrans_pattern($1, passwd_exec_t, passwd_t)
')
########################################
@@ -176,7 +176,7 @@ interface(`usermanage_domtrans_admin_passwd',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,admin_passwd_exec_t,sysadm_passwd_t)
+ domtrans_pattern($1, admin_passwd_exec_t, sysadm_passwd_t)
')
########################################
@@ -251,7 +251,7 @@ interface(`usermanage_domtrans_useradd',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,useradd_exec_t,useradd_t)
+ domtrans_pattern($1, useradd_exec_t, useradd_t)
')
########################################
@@ -305,5 +305,5 @@ interface(`usermanage_read_crack_db',`
type crack_db_t;
')
- read_files_pattern($1,crack_db_t,crack_db_t)
+ read_files_pattern($1, crack_db_t, crack_db_t)
')
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 0fe4678..9f6e3bc 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -12,12 +12,12 @@ files_type(admin_passwd_exec_t)
type chfn_t;
type chfn_exec_t;
domain_obj_id_change_exemption(chfn_t)
-application_domain(chfn_t,chfn_exec_t)
+application_domain(chfn_t, chfn_exec_t)
role system_r types chfn_t;
type crack_t;
type crack_exec_t;
-application_domain(crack_t,crack_exec_t)
+application_domain(crack_t, crack_exec_t)
role system_r types crack_t;
type crack_db_t;
@@ -29,18 +29,18 @@ files_tmp_file(crack_tmp_t)
type groupadd_t;
type groupadd_exec_t;
domain_obj_id_change_exemption(groupadd_t)
-init_system_domain(groupadd_t,groupadd_exec_t)
+init_system_domain(groupadd_t, groupadd_exec_t)
role system_r types groupadd_t;
type passwd_t;
type passwd_exec_t;
domain_obj_id_change_exemption(passwd_t)
-application_domain(passwd_t,passwd_exec_t)
+application_domain(passwd_t, passwd_exec_t)
role system_r types passwd_t;
type sysadm_passwd_t;
domain_obj_id_change_exemption(sysadm_passwd_t)
-application_domain(sysadm_passwd_t,admin_passwd_exec_t)
+application_domain(sysadm_passwd_t, admin_passwd_exec_t)
role system_r types sysadm_passwd_t;
type sysadm_passwd_tmp_t;
@@ -132,12 +132,12 @@ userdom_dontaudit_search_all_users_home_content(chfn_t)
allow crack_t self:process { sigkill sigstop signull signal };
allow crack_t self:fifo_file rw_fifo_file_perms;
-manage_files_pattern(crack_t,crack_db_t,crack_db_t)
-manage_lnk_files_pattern(crack_t,crack_db_t,crack_db_t)
+manage_files_pattern(crack_t, crack_db_t, crack_db_t)
+manage_lnk_files_pattern(crack_t, crack_db_t, crack_db_t)
files_search_var(crack_t)
-manage_dirs_pattern(crack_t,crack_tmp_t,crack_tmp_t)
-manage_files_pattern(crack_t,crack_tmp_t,crack_tmp_t)
+manage_dirs_pattern(crack_t, crack_tmp_t, crack_tmp_t)
+manage_files_pattern(crack_t, crack_tmp_t, crack_tmp_t)
files_tmp_filetrans(crack_t, crack_tmp_t, { file dir })
kernel_read_system_state(crack_t)
@@ -169,7 +169,7 @@ ifdef(`distro_debian',`
')
optional_policy(`
- cron_system_entry(crack_t,crack_exec_t)
+ cron_system_entry(crack_t, crack_exec_t)
')
########################################
@@ -275,7 +275,7 @@ allow passwd_t self:msgq create_msgq_perms;
allow passwd_t self:msg { send receive };
allow passwd_t crack_db_t:dir list_dir_perms;
-read_files_pattern(passwd_t,crack_db_t,crack_db_t)
+read_files_pattern(passwd_t, crack_db_t, crack_db_t)
kernel_read_kernel_sysctls(passwd_t)
@@ -361,8 +361,8 @@ allow sysadm_passwd_t self:msgq create_msgq_perms;
allow sysadm_passwd_t self:msg { send receive };
# allow vipw to create temporary files under /var/tmp/vi.recover
-manage_dirs_pattern(sysadm_passwd_t,sysadm_passwd_tmp_t,sysadm_passwd_tmp_t)
-manage_files_pattern(sysadm_passwd_t,sysadm_passwd_tmp_t,sysadm_passwd_tmp_t)
+manage_dirs_pattern(sysadm_passwd_t, sysadm_passwd_tmp_t, sysadm_passwd_tmp_t)
+manage_files_pattern(sysadm_passwd_t, sysadm_passwd_tmp_t, sysadm_passwd_tmp_t)
files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
files_search_var(sysadm_passwd_t)
files_dontaudit_search_home(sysadm_passwd_t)
@@ -506,7 +506,7 @@ userdom_use_unpriv_users_fds(useradd_t)
userdom_manage_all_users_home_content_dirs(useradd_t)
userdom_manage_all_users_home_content_files(useradd_t)
unprivuser_home_filetrans_home_dir(useradd_t)
-unprivuser_home_dir_filetrans_home_content(useradd_t,notdevfile_class_set)
+unprivuser_home_dir_filetrans_home_content(useradd_t, notdevfile_class_set)
mta_manage_spool(useradd_t)
diff --git a/policy/modules/admin/vbetool.if b/policy/modules/admin/vbetool.if
index fa13cef..001e148 100644
--- a/policy/modules/admin/vbetool.if
+++ b/policy/modules/admin/vbetool.if
@@ -16,5 +16,5 @@ interface(`vbetool_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,vbetool_exec_t,vbetool_t)
+ domtrans_pattern($1, vbetool_exec_t, vbetool_t)
')
diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te
index 7fa12e5..832bdda 100644
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@@ -1,5 +1,5 @@
-policy_module(vbetool,1.3.0)
+policy_module(vbetool, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(vbetool,1.3.0)
type vbetool_t;
type vbetool_exec_t;
-init_system_domain(vbetool_t,vbetool_exec_t)
+init_system_domain(vbetool_t, vbetool_exec_t)
########################################
#
diff --git a/policy/modules/admin/vpn.if b/policy/modules/admin/vpn.if
index 795cbfa..afe8f9a 100644
--- a/policy/modules/admin/vpn.if
+++ b/policy/modules/admin/vpn.if
@@ -15,7 +15,7 @@ interface(`vpn_domtrans',`
type vpnc_t, vpnc_exec_t;
')
- domtrans_pattern($1, vpnc_exec_t,vpnc_t)
+ domtrans_pattern($1, vpnc_exec_t, vpnc_t)
')
########################################
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 3053489..ae69c22 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -1,5 +1,5 @@
-policy_module(vpn,1.8.0)
+policy_module(vpn, 1.8.0)
########################################
#
diff --git a/policy/modules/apps/ada.te b/policy/modules/apps/ada.te
index 1371914..048d953 100644
--- a/policy/modules/apps/ada.te
+++ b/policy/modules/apps/ada.te
@@ -1,5 +1,5 @@
-policy_module(ada,1.2.0)
+policy_module(ada, 1.2.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(ada,1.2.0)
type ada_t;
type ada_exec_t;
-application_domain(ada_t,ada_exec_t)
+application_domain(ada_t, ada_exec_t)
role system_r types ada_t;
########################################
diff --git a/policy/modules/apps/authbind.if b/policy/modules/apps/authbind.if
index e17ee67..d1c32ae 100644
--- a/policy/modules/apps/authbind.if
+++ b/policy/modules/apps/authbind.if
@@ -15,6 +15,6 @@ interface(`authbind_domtrans',`
type authbind_t, authbind_exec_t;
')
- domtrans_pattern($1,authbind_exec_t,authbind_t)
+ domtrans_pattern($1, authbind_exec_t, authbind_t)
allow authbind_t $1:{ tcp_socket udp_socket } rw_socket_perms;
')
diff --git a/policy/modules/apps/authbind.te b/policy/modules/apps/authbind.te
index d97172c..4d91328 100644
--- a/policy/modules/apps/authbind.te
+++ b/policy/modules/apps/authbind.te
@@ -1,5 +1,5 @@
-policy_module(authbind,1.1.0)
+policy_module(authbind, 1.1.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(authbind,1.1.0)
type authbind_t;
type authbind_exec_t;
-application_domain(authbind_t,authbind_exec_t)
+application_domain(authbind_t, authbind_exec_t)
role system_r types authbind_t;
type authbind_etc_t;
@@ -22,8 +22,8 @@ files_config_file(authbind_etc_t)
allow authbind_t self:capability net_bind_service;
allow authbind_t authbind_etc_t:dir list_dir_perms;
-exec_files_pattern(authbind_t,authbind_etc_t,authbind_etc_t)
-read_lnk_files_pattern(authbind_t,authbind_etc_t,authbind_etc_t)
+exec_files_pattern(authbind_t, authbind_etc_t, authbind_etc_t)
+read_lnk_files_pattern(authbind_t, authbind_etc_t, authbind_etc_t)
files_list_etc(authbind_t)
diff --git a/policy/modules/apps/awstats.if b/policy/modules/apps/awstats.if
index 5a2b1b5..88c9090 100644
--- a/policy/modules/apps/awstats.if
+++ b/policy/modules/apps/awstats.if
@@ -33,11 +33,10 @@ interface(`awstats_rw_pipes',`
#
interface(`awstats_cgi_exec',`
gen_require(`
- type httpd_awstats_script_exec_t;
- type httpd_awstats_content_t;
+ type httpd_awstats_script_exec_t, httpd_awstats_content_t;
')
allow $1 httpd_awstats_content_t:dir search_dir_perms;
allow $1 httpd_awstats_script_exec_t:dir search_dir_perms;
- can_exec($1,httpd_awstats_script_exec_t)
+ can_exec($1, httpd_awstats_script_exec_t)
')
diff --git a/policy/modules/apps/awstats.te b/policy/modules/apps/awstats.te
index a06510f..d59f8be 100644
--- a/policy/modules/apps/awstats.te
+++ b/policy/modules/apps/awstats.te
@@ -1,5 +1,5 @@
-policy_module(awstats,1.0.0)
+policy_module(awstats, 1.0.0)
########################################
#
diff --git a/policy/modules/apps/calamaris.if b/policy/modules/apps/calamaris.if
index 767a181..df183be 100644
--- a/policy/modules/apps/calamaris.if
+++ b/policy/modules/apps/calamaris.if
@@ -16,6 +16,6 @@ interface(`calamaris_read_www_files',`
')
allow $1 calamaris_www_t:dir list_dir_perms;
- read_files_pattern($1,calamaris_www_t,calamaris_www_t)
- read_lnk_files_pattern($1,calamaris_www_t,calamaris_www_t)
+ read_files_pattern($1, calamaris_www_t, calamaris_www_t)
+ read_lnk_files_pattern($1, calamaris_www_t, calamaris_www_t)
')
diff --git a/policy/modules/apps/calamaris.te b/policy/modules/apps/calamaris.te
index b92e459..b739074 100644
--- a/policy/modules/apps/calamaris.te
+++ b/policy/modules/apps/calamaris.te
@@ -8,7 +8,7 @@ policy_module(calamaris, 1.3.0)
type calamaris_t;
type calamaris_exec_t;
-init_system_domain(calamaris_t,calamaris_exec_t)
+init_system_domain(calamaris_t, calamaris_exec_t)
type calamaris_www_t;
files_type(calamaris_www_t)
@@ -29,11 +29,11 @@ allow calamaris_t self:unix_stream_socket create_stream_socket_perms;
allow calamaris_t self:tcp_socket create_stream_socket_perms;
allow calamaris_t self:udp_socket create_socket_perms;
-manage_files_pattern(calamaris_t,calamaris_www_t,calamaris_www_t)
-manage_lnk_files_pattern(calamaris_t,calamaris_www_t,calamaris_www_t)
+manage_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
+manage_lnk_files_pattern(calamaris_t, calamaris_www_t, calamaris_www_t)
-manage_files_pattern(calamaris_t,calamaris_log_t,calamaris_log_t)
-logging_log_filetrans(calamaris_t,calamaris_log_t,{ file dir })
+manage_files_pattern(calamaris_t, calamaris_log_t, calamaris_log_t)
+logging_log_filetrans(calamaris_t, calamaris_log_t, { file dir })
kernel_read_all_sysctls(calamaris_t)
kernel_read_system_state(calamaris_t)
@@ -76,7 +76,7 @@ optional_policy(`
')
optional_policy(`
- cron_system_entry(calamaris_t,calamaris_exec_t)
+ cron_system_entry(calamaris_t, calamaris_exec_t)
')
optional_policy(`
diff --git a/policy/modules/apps/cdrecord.if b/policy/modules/apps/cdrecord.if
index 5d07b9e..b08ead7 100644
--- a/policy/modules/apps/cdrecord.if
+++ b/policy/modules/apps/cdrecord.if
@@ -44,7 +44,7 @@ template(`cdrecord_per_role_template', `
#
type $1_cdrecord_t;
- application_domain($1_cdrecord_t,cdrecord_exec_t)
+ application_domain($1_cdrecord_t, cdrecord_exec_t)
role $3 types $1_cdrecord_t;
########################################
@@ -64,7 +64,7 @@ template(`cdrecord_per_role_template', `
allow $2 $1_cdrecord_t:process signal;
# Transition from the user domain to the derived domain.
- domtrans_pattern($2,cdrecord_exec_t,$1_cdrecord_t)
+ domtrans_pattern($2, cdrecord_exec_t, $1_cdrecord_t)
# allow searching for cdrom-drive
dev_list_all_dev_nodes($1_cdrecord_t)
@@ -89,10 +89,10 @@ template(`cdrecord_per_role_template', `
miscfiles_read_localization($1_cdrecord_t)
# write to the user domain tty.
- userdom_use_user_terminals($1,$1_cdrecord_t)
- userdom_use_user_terminals($1,$2)
+ userdom_use_user_terminals($1, $1_cdrecord_t)
+ userdom_use_user_terminals($1, $2)
- userdom_read_user_home_content_files($1,$1_cdrecord_t)
+ userdom_read_user_home_content_files($1, $1_cdrecord_t)
# Handle nfs home dirs
tunable_policy(`cdrecord_read_content && use_nfs_home_dirs',`
@@ -122,12 +122,12 @@ template(`cdrecord_per_role_template', `
# Handle removable media, /tmp, and /home
tunable_policy(`cdrecord_read_content',`
- userdom_list_user_tmp($1,$1_cdrecord_t)
- userdom_read_user_tmp_files($1,$1_cdrecord_t)
- userdom_read_user_tmp_symlinks($1,$1_cdrecord_t)
- userdom_search_user_home_dirs($1,$1_cdrecord_t)
- userdom_read_user_home_content_files($1,$1_cdrecord_t)
- userdom_read_user_home_content_symlinks($1,$1_cdrecord_t)
+ userdom_list_user_tmp($1, $1_cdrecord_t)
+ userdom_read_user_tmp_files($1, $1_cdrecord_t)
+ userdom_read_user_tmp_symlinks($1, $1_cdrecord_t)
+ userdom_search_user_home_dirs($1, $1_cdrecord_t)
+ userdom_read_user_home_content_files($1, $1_cdrecord_t)
+ userdom_read_user_home_content_symlinks($1, $1_cdrecord_t)
ifdef(`enable_mls',`
',`
@@ -140,10 +140,10 @@ template(`cdrecord_per_role_template', `
files_dontaudit_list_home($1_cdrecord_t)
fs_dontaudit_list_removable($1_cdrecord_t)
fs_dontaudit_read_removable_files($1_cdrecord_t)
- userdom_dontaudit_list_user_tmp($1,$1_cdrecord_t)
- userdom_dontaudit_read_user_tmp_files($1,$1_cdrecord_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
- userdom_dontaudit_read_user_home_content_files($1,$1_cdrecord_t)
+ userdom_dontaudit_list_user_tmp($1, $1_cdrecord_t)
+ userdom_dontaudit_read_user_tmp_files($1, $1_cdrecord_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_cdrecord_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_cdrecord_t)
')
# Handle default_t content
@@ -160,22 +160,22 @@ template(`cdrecord_per_role_template', `
tunable_policy(`cdrecord_read_content && read_untrusted_content',`
files_list_tmp($1_cdrecord_t)
files_list_home($1_cdrecord_t)
- userdom_search_user_home_dirs($1,$1_cdrecord_t)
-
- userdom_list_user_untrusted_content($1,$1_cdrecord_t)
- userdom_read_user_untrusted_content_files($1,$1_cdrecord_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_cdrecord_t)
- userdom_list_user_tmp_untrusted_content($1,$1_cdrecord_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_cdrecord_t)
+ userdom_search_user_home_dirs($1, $1_cdrecord_t)
+
+ userdom_list_user_untrusted_content($1, $1_cdrecord_t)
+ userdom_read_user_untrusted_content_files($1, $1_cdrecord_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_cdrecord_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_cdrecord_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_cdrecord_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_cdrecord_t)
',`
files_dontaudit_list_tmp($1_cdrecord_t)
files_dontaudit_list_home($1_cdrecord_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_cdrecord_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_cdrecord_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_cdrecord_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_cdrecord_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_cdrecord_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_cdrecord_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_cdrecord_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_cdrecord_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_cdrecord_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_cdrecord_t)
')
tunable_policy(`use_nfs_home_dirs',`
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index 2d22066..26139e6 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -1,5 +1,5 @@
-policy_module(cdrecord,1.4.0)
+policy_module(cdrecord, 1.4.0)
########################################
#
@@ -13,7 +13,7 @@ policy_module(cdrecord,1.4.0)
## and untrusted content files
##
##
-gen_tunable(cdrecord_read_content,false)
+gen_tunable(cdrecord_read_content, false)
type cdrecord_exec_t;
application_executable_file(cdrecord_exec_t)
diff --git a/policy/modules/apps/ethereal.if b/policy/modules/apps/ethereal.if
index 93092bc..d5bf424 100644
--- a/policy/modules/apps/ethereal.if
+++ b/policy/modules/apps/ethereal.if
@@ -45,12 +45,12 @@ template(`ethereal_per_role_template',`
# Type for program
type $1_ethereal_t;
- application_domain($1_ethereal_t,ethereal_exec_t)
+ application_domain($1_ethereal_t, ethereal_exec_t)
role $3 types $1_ethereal_t;
type $1_ethereal_home_t alias $1_ethereal_rw_t;
files_poly_member($1_ethereal_home_t)
- userdom_user_home_content($1,$1_ethereal_home_t)
+ userdom_user_home_content($1, $1_ethereal_home_t)
type $1_ethereal_tmp_t;
files_tmp_file($1_ethereal_tmp_t)
@@ -78,33 +78,33 @@ template(`ethereal_per_role_template',`
corecmd_search_bin($1_ethereal_t)
# /home/.ethereal
- manage_dirs_pattern($1_ethereal_t,$1_ethereal_home_t,$1_ethereal_home_t)
- manage_files_pattern($1_ethereal_t,$1_ethereal_home_t,$1_ethereal_home_t)
- manage_lnk_files_pattern($1_ethereal_t,$1_ethereal_home_t,$1_ethereal_home_t)
- userdom_user_home_dir_filetrans($1,$1_ethereal_t,$1_ethereal_home_t,dir)
+ manage_dirs_pattern($1_ethereal_t, $1_ethereal_home_t, $1_ethereal_home_t)
+ manage_files_pattern($1_ethereal_t, $1_ethereal_home_t, $1_ethereal_home_t)
+ manage_lnk_files_pattern($1_ethereal_t, $1_ethereal_home_t, $1_ethereal_home_t)
+ userdom_user_home_dir_filetrans($1, $1_ethereal_t, $1_ethereal_home_t, dir)
# Store temporary files
- manage_dirs_pattern($1_ethereal_t,$1_ethereal_tmp_t,$1_ethereal_tmp_t)
- manage_files_pattern($1_ethereal_t,$1_ethereal_tmp_t,$1_ethereal_tmp_t)
+ manage_dirs_pattern($1_ethereal_t, $1_ethereal_tmp_t, $1_ethereal_tmp_t)
+ manage_files_pattern($1_ethereal_t, $1_ethereal_tmp_t, $1_ethereal_tmp_t)
files_tmp_filetrans($1_ethereal_t, $1_ethereal_tmp_t, { dir file })
- manage_dirs_pattern($1_ethereal_t,$1_ethereal_tmpfs_t,$1_ethereal_tmpfs_t)
- manage_files_pattern($1_ethereal_t,$1_ethereal_tmpfs_t,$1_ethereal_tmpfs_t)
- manage_lnk_files_pattern($1_ethereal_t,$1_ethereal_tmpfs_t,$1_ethereal_tmpfs_t)
- manage_sock_files_pattern($1_ethereal_t,$1_ethereal_tmpfs_t,$1_ethereal_tmpfs_t)
- manage_fifo_files_pattern($1_ethereal_t,$1_ethereal_tmpfs_t,$1_ethereal_tmpfs_t)
- fs_tmpfs_filetrans($1_ethereal_t,$1_ethereal_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_ethereal_t, $1_ethereal_tmpfs_t, $1_ethereal_tmpfs_t)
+ manage_files_pattern($1_ethereal_t, $1_ethereal_tmpfs_t, $1_ethereal_tmpfs_t)
+ manage_lnk_files_pattern($1_ethereal_t, $1_ethereal_tmpfs_t, $1_ethereal_tmpfs_t)
+ manage_sock_files_pattern($1_ethereal_t, $1_ethereal_tmpfs_t, $1_ethereal_tmpfs_t)
+ manage_fifo_files_pattern($1_ethereal_t, $1_ethereal_tmpfs_t, $1_ethereal_tmpfs_t)
+ fs_tmpfs_filetrans($1_ethereal_t, $1_ethereal_tmpfs_t, { dir file lnk_file sock_file fifo_file })
domain_auto_trans($2, ethereal_exec_t, $1_ethereal_t)
allow $1_ethereal_t $2:fd use;
allow $1_ethereal_t $2:process sigchld;
- manage_dirs_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
- manage_files_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
- manage_lnk_files_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
- relabel_dirs_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
- relabel_files_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
- relabel_lnk_files_pattern($2,$1_ethereal_home_t,$1_ethereal_home_t)
+ manage_dirs_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
+ manage_files_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
+ manage_lnk_files_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
+ relabel_dirs_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
+ relabel_files_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
+ relabel_lnk_files_pattern($2, $1_ethereal_home_t, $1_ethereal_home_t)
kernel_read_kernel_sysctls($1_ethereal_t)
kernel_read_system_state($1_ethereal_t)
@@ -134,7 +134,7 @@ template(`ethereal_per_role_template',`
sysnet_read_config($1_ethereal_t)
- userdom_manage_user_home_content_files($1,$1_ethereal_t)
+ userdom_manage_user_home_content_files($1, $1_ethereal_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_ethereal_t)
@@ -154,12 +154,12 @@ template(`ethereal_per_role_template',`
# Manual transition from userhelper
optional_policy(`
- userhelper_use_user_fd($1,$1_ethereal_t)
- userhelper_sigchld_user($1,$1_ethereal_t)
+ userhelper_use_user_fd($1, $1_ethereal_t)
+ userhelper_sigchld_user($1, $1_ethereal_t)
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_ethereal,$1_ethereal_t,$1_ethereal_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_ethereal, $1_ethereal_t, $1_ethereal_tmpfs_t)
xserver_create_xdm_tmp_sockets($1_ethereal_t)
')
@@ -205,9 +205,9 @@ template(`ethereal_admin_template',`
allow $1_ethereal_t self:unix_stream_socket create_stream_socket_perms;
allow $1_ethereal_t self:tcp_socket create_socket_perms;
- userdom_use_user_terminals($1,$1_ethereal_t)
+ userdom_use_user_terminals($1, $1_ethereal_t)
# Ethereal tries to write to user terminal
- userdom_dontaudit_use_user_terminals($1,$1_ethereal_t)
+ userdom_dontaudit_use_user_terminals($1, $1_ethereal_t)
')
########################################
@@ -240,7 +240,7 @@ template(`ethereal_domtrans_user_ethereal',`
type $1_ethereal_t, ethereal_exec_t;
')
- domtrans_pattern($2,ethereal_exec_t,$1_ethereal_t)
+ domtrans_pattern($2, ethereal_exec_t, $1_ethereal_t)
')
########################################
@@ -258,7 +258,7 @@ template(`ethereal_domtrans_tethereal',`
type tethereal_t, tethereal_exec_t;
')
- domtrans_pattern($1,tethereal_exec_t,tethereal_t)
+ domtrans_pattern($1, tethereal_exec_t, tethereal_t)
')
########################################
diff --git a/policy/modules/apps/ethereal.te b/policy/modules/apps/ethereal.te
index b892af3..9348110 100644
--- a/policy/modules/apps/ethereal.te
+++ b/policy/modules/apps/ethereal.te
@@ -1,5 +1,5 @@
-policy_module(ethereal,1.5.0)
+policy_module(ethereal, 1.5.0)
########################################
#
@@ -11,7 +11,7 @@ application_executable_file(ethereal_exec_t)
type tethereal_t;
type tethereal_exec_t;
-application_domain(tethereal_t,tethereal_exec_t)
+application_domain(tethereal_t, tethereal_exec_t)
type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)
@@ -29,8 +29,8 @@ allow tethereal_t self:tcp_socket create_socket_perms;
allow tethereal_t self:udp_socket create_socket_perms;
# Store temporary files
-manage_dirs_pattern(tethereal_t,tethereal_tmp_t,tethereal_tmp_t)
-manage_files_pattern(tethereal_t,tethereal_tmp_t,tethereal_tmp_t)
+manage_dirs_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
+manage_files_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
files_tmp_filetrans(tethereal_t, tethereal_tmp_t, { dir file })
# /proc
diff --git a/policy/modules/apps/evolution.if b/policy/modules/apps/evolution.if
index 384734d..f790c67 100644
--- a/policy/modules/apps/evolution.if
+++ b/policy/modules/apps/evolution.if
@@ -41,7 +41,7 @@ template(`evolution_per_role_template',`
#
type $1_evolution_t;
- application_domain($1_evolution_t,evolution_exec_t)
+ application_domain($1_evolution_t, evolution_exec_t)
role $3 types $1_evolution_t;
type $1_evolution_tmpfs_t;
@@ -49,13 +49,13 @@ template(`evolution_per_role_template',`
type $1_evolution_home_t alias $1_evolution_rw_t;
files_poly_member($1_evolution_home_t)
- userdom_user_home_content($1,$1_evolution_home_t)
+ userdom_user_home_content($1, $1_evolution_home_t)
type $1_evolution_orbit_tmp_t;
files_tmp_file($1_evolution_orbit_tmp_t)
type $1_evolution_alarm_t;
- application_domain($1_evolution_alarm_t,evolution_alarm_exec_t)
+ application_domain($1_evolution_alarm_t, evolution_alarm_exec_t)
role $3 types $1_evolution_alarm_t;
type $1_evolution_alarm_tmpfs_t;
@@ -65,7 +65,7 @@ template(`evolution_per_role_template',`
files_tmp_file($1_evolution_alarm_orbit_tmp_t)
type $1_evolution_exchange_t;
- application_domain($1_evolution_exchange_t,evolution_exchange_exec_t)
+ application_domain($1_evolution_exchange_t, evolution_exchange_exec_t)
role $3 types $1_evolution_exchange_t;
type $1_evolution_exchange_tmpfs_t;
@@ -78,14 +78,14 @@ template(`evolution_per_role_template',`
files_tmp_file($1_evolution_exchange_orbit_tmp_t)
type $1_evolution_server_t;
- application_domain($1_evolution_server_t,evolution_server_exec_t)
+ application_domain($1_evolution_server_t, evolution_server_exec_t)
role $3 types $1_evolution_server_t;
type $1_evolution_server_orbit_tmp_t;
files_tmp_file($1_evolution_server_orbit_tmp_t)
type $1_evolution_webcal_t;
- application_domain($1_evolution_webcal_t,evolution_webcal_exec_t)
+ application_domain($1_evolution_webcal_t, evolution_webcal_exec_t)
role $3 types $1_evolution_webcal_t;
type $1_evolution_webcal_tmpfs_t;
@@ -111,7 +111,7 @@ template(`evolution_per_role_template',`
allow $1_evolution_t $1_evolution_alarm_t:unix_stream_socket connectto;
allow $1_evolution_t $1_evolution_alarm_orbit_tmp_t:sock_file write;
- can_exec($1_evolution_t,evolution_alarm_exec_t)
+ can_exec($1_evolution_t, evolution_alarm_exec_t)
allow $1_evolution_t $1_evolution_exchange_t:unix_stream_socket connectto;
allow $1_evolution_t $1_evolution_exchange_orbit_tmp_t:sock_file write;
@@ -122,11 +122,11 @@ template(`evolution_per_role_template',`
allow $1_evolution_t $1_evolution_orbit_tmp_t:dir manage_dir_perms;
allow $1_evolution_t $1_evolution_orbit_tmp_t:file manage_file_perms;
- files_tmp_filetrans($1_evolution_t,$1_evolution_orbit_tmp_t,{ dir file })
+ files_tmp_filetrans($1_evolution_t, $1_evolution_orbit_tmp_t, { dir file })
allow $1_evolution_server_t $1_evolution_orbit_tmp_t:dir manage_dir_perms;
allow $1_evolution_server_t $1_evolution_orbit_tmp_t:file manage_file_perms;
- files_tmp_filetrans($1_evolution_server_t,$1_evolution_orbit_tmp_t,{ dir file })
+ files_tmp_filetrans($1_evolution_server_t, $1_evolution_orbit_tmp_t, { dir file })
allow $1_evolution_t $1_evolution_server_t:dir search_dir_perms;
allow $1_evolution_t $1_evolution_server_t:file read;
@@ -134,14 +134,14 @@ template(`evolution_per_role_template',`
allow $1_evolution_t $1_evolution_server_t:unix_stream_socket connectto;
allow $1_evolution_t $1_evolution_server_orbit_tmp_t:sock_file write;
- can_exec($1_evolution_t,evolution_server_exec_t)
+ can_exec($1_evolution_t, evolution_server_exec_t)
allow $1_evolution_t $1_evolution_tmpfs_t:dir rw_dir_perms;
allow $1_evolution_t $1_evolution_tmpfs_t:file manage_file_perms;
allow $1_evolution_t $1_evolution_tmpfs_t:lnk_file manage_lnk_file_perms;
allow $1_evolution_t $1_evolution_tmpfs_t:sock_file manage_sock_file_perms;
allow $1_evolution_t $1_evolution_tmpfs_t:fifo_file manage_fifo_file_perms;
- fs_tmpfs_filetrans($1_evolution_t,$1_evolution_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_evolution_t, $1_evolution_tmpfs_t, { dir file lnk_file sock_file fifo_file })
allow $1_evolution_t $2:dir search;
allow $1_evolution_t $2:fd use;
@@ -163,7 +163,7 @@ template(`evolution_per_role_template',`
allow $2 $1_evolution_home_t:file manage_file_perms;
allow $2 $1_evolution_home_t:lnk_file manage_lnk_file_perms;
allow $2 $1_evolution_home_t:{ dir file lnk_file } { relabelfrom relabelto };
- userdom_search_user_home_dirs($1,$1_evolution_t)
+ userdom_search_user_home_dirs($1, $1_evolution_t)
# Allow the user domain to signal/ps.
allow $2 $1_evolution_t:dir { search getattr read };
@@ -235,19 +235,19 @@ template(`evolution_per_role_template',`
udev_read_state($1_evolution_t)
- userdom_rw_user_tmp_files($1,$1_evolution_t)
- userdom_manage_user_tmp_dirs($1,$1_evolution_t)
- userdom_manage_user_tmp_sockets($1,$1_evolution_t)
- userdom_manage_user_tmp_files($1,$1_evolution_t)
+ userdom_rw_user_tmp_files($1, $1_evolution_t)
+ userdom_manage_user_tmp_dirs($1, $1_evolution_t)
+ userdom_manage_user_tmp_sockets($1, $1_evolution_t)
+ userdom_manage_user_tmp_files($1, $1_evolution_t)
userdom_use_user_terminals($1, $1_evolution_t)
# FIXME: suppress access to .local/.icons/.themes until properly implemented
# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
# until properly implemented
- userdom_dontaudit_read_user_home_content_files($1,$1_evolution_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_evolution_t)
mta_read_config($1_evolution_t)
- xserver_user_x_domain_template($1,$1_evolution,$1_evolution_t,$1_evolution_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_evolution, $1_evolution_t, $1_evolution_tmpfs_t)
xserver_read_xdm_tmp_files($1_evolution_t)
tunable_policy(`use_nfs_home_dirs',`
@@ -288,12 +288,12 @@ template(`evolution_per_role_template',`
')
tunable_policy(`mail_read_content',`
- userdom_list_user_tmp($1,$1_evolution_t)
- userdom_read_user_tmp_files($1,$1_evolution_t)
- userdom_read_user_tmp_symlinks($1,$1_evolution_t)
- userdom_search_user_home_dirs($1,$1_evolution_t)
- userdom_read_user_home_content_files($1,$1_evolution_t)
- userdom_read_user_home_content_symlinks($1,$1_evolution_t)
+ userdom_list_user_tmp($1, $1_evolution_t)
+ userdom_read_user_tmp_files($1, $1_evolution_t)
+ userdom_read_user_tmp_symlinks($1, $1_evolution_t)
+ userdom_search_user_home_dirs($1, $1_evolution_t)
+ userdom_read_user_home_content_files($1, $1_evolution_t)
+ userdom_read_user_home_content_symlinks($1, $1_evolution_t)
ifndef(`enable_mls',`
fs_search_removable($1_evolution_t)
@@ -325,20 +325,20 @@ template(`evolution_per_role_template',`
files_list_home($1_evolution_t)
userdom_search_user_home_dirs($1,$1_evolution_t)
- userdom_list_user_untrusted_content($1,$1_evolution_t)
- userdom_read_user_untrusted_content_files($1,$1_evolution_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_evolution_t)
- userdom_list_user_tmp_untrusted_content($1,$1_evolution_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_evolution_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_evolution_t)
+ userdom_list_user_untrusted_content($1, $1_evolution_t)
+ userdom_read_user_untrusted_content_files($1, $1_evolution_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_evolution_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_evolution_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_evolution_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_evolution_t)
',`
files_dontaudit_list_tmp($1_evolution_t)
files_dontaudit_list_home($1_evolution_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_evolution_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_evolution_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_evolution_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_evolution_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_evolution_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_evolution_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_evolution_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_evolution_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_evolution_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_evolution_t)
')
tunable_policy(`write_untrusted_content && use_nfs_home_dirs',`
@@ -370,15 +370,15 @@ template(`evolution_per_role_template',`
tunable_policy(`write_untrusted_content',`
files_search_home($1_evolution_t)
- userdom_manage_user_untrusted_content_files($1,$1_evolution_t)
- userdom_user_home_dir_filetrans($1,$1_evolution_t,$1_untrusted_content_tmp_t, { file dir })
- userdom_user_home_content_filetrans($1,$1_evolution_t,$1_untrusted_content_tmp_t, { file dir })
+ userdom_manage_user_untrusted_content_files($1, $1_evolution_t)
+ userdom_user_home_dir_filetrans($1, $1_evolution_t, $1_untrusted_content_tmp_t, { file dir })
+ userdom_user_home_content_filetrans($1, $1_evolution_t, $1_untrusted_content_tmp_t, { file dir })
',`
files_dontaudit_list_home($1_evolution_t)
files_dontaudit_list_tmp($1_evolution_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_evolution_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_evolution_t)
#userdom_dontaudit_manage_user_tmp($1,$1_evolution_t)
#userdom_dontaudit_manage_user_tmp_files($1,$1_evolution_t)
#userdom_dontaudit_manage_user_home_subdirs($1,$1_evolution_t)
@@ -394,8 +394,8 @@ template(`evolution_per_role_template',`
')
optional_policy(`
- dbus_system_bus_client_template($1_evolution,$1_evolution_t)
- dbus_user_bus_client_template($1,$1_evolution,$1_evolution_t)
+ dbus_system_bus_client_template($1_evolution, $1_evolution_t)
+ dbus_user_bus_client_template($1, $1_evolution, $1_evolution_t)
')
optional_policy(`
@@ -404,12 +404,12 @@ template(`evolution_per_role_template',`
# Encrypt mail
optional_policy(`
- gpg_domtrans_user_gpg($1,$1_evolution_t)
- gpg_signal_user_gpg($1,$1_evolution_t)
+ gpg_domtrans_user_gpg($1, $1_evolution_t)
+ gpg_signal_user_gpg($1, $1_evolution_t)
')
optional_policy(`
- lpd_domtrans_user_lpr($1,$1_evolution_t)
+ lpd_domtrans_user_lpr($1, $1_evolution_t)
')
optional_policy(`
@@ -429,8 +429,8 @@ template(`evolution_per_role_template',`
### Junk mail filtering (start spamd)
optional_policy(`
spamassassin_exec_spamd($1_evolution_t)
- spamassassin_domtrans_user_client($1,$1_evolution_t)
- spamassassin_domtrans_user_local_client($1,$1_evolution_t)
+ spamassassin_domtrans_user_client($1, $1_evolution_t)
+ spamassassin_domtrans_user_local_client($1, $1_evolution_t)
# Allow evolution to signal the daemon
# FIXME: Now evolution can read spamd temp files
spamassassin_read_spamd_tmp_files($1_evolution_t)
@@ -511,9 +511,9 @@ template(`evolution_per_role_template',`
# FIXME: suppress access to .local/.icons/.themes until properly implemented
# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
# until properly implemented
- userdom_dontaudit_read_user_home_content_files($1,$1_evolution_alarm_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_evolution_alarm_t)
- xserver_user_x_domain_template($1,$1_evolution_alarm,$1_evolution_alarm_t,$1_evolution_alarm_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_evolution_alarm, $1_evolution_alarm_t, $1_evolution_alarm_tmpfs_t)
# Access evolution home
tunable_policy(`use_nfs_home_dirs',`
@@ -525,7 +525,7 @@ template(`evolution_per_role_template',`
')
optional_policy(`
- dbus_user_bus_client_template($1,$1_evolution_alarm,$1_evolution_alarm_t)
+ dbus_user_bus_client_template($1, $1_evolution_alarm, $1_evolution_alarm_t)
')
optional_policy(`
@@ -576,7 +576,7 @@ template(`evolution_per_role_template',`
allow $1_evolution_exchange_t $1_evolution_exchange_tmpfs_t:lnk_file manage_lnk_file_perms;
allow $1_evolution_exchange_t $1_evolution_exchange_tmpfs_t:sock_file manage_sock_file_perms;
allow $1_evolution_exchange_t $1_evolution_exchange_tmpfs_t:fifo_file manage_fifo_file_perms;
- fs_tmpfs_filetrans($1_evolution_exchange_t,$1_evolution_exchange_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_evolution_exchange_t, $1_evolution_exchange_tmpfs_t, { dir file lnk_file sock_file fifo_file })
allow $1_evolution_exchange_t $2:unix_stream_socket connectto;
#FIXME, who should own this. I dont think this module should
@@ -609,13 +609,13 @@ template(`evolution_per_role_template',`
miscfiles_read_localization($1_evolution_exchange_t)
# Access evolution home
- userdom_search_user_home_dirs($1,$1_evolution_exchange_t)
+ userdom_search_user_home_dirs($1, $1_evolution_exchange_t)
# FIXME: suppress access to .local/.icons/.themes until properly implemented
# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
# until properly implemented
- userdom_dontaudit_read_user_home_content_files($1,$1_evolution_exchange_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_evolution_exchange_t)
- xserver_user_x_domain_template($1,$1_evolution_exchange,$1_evolution_exchange_t,$1_evolution_exchange_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_evolution_exchange, $1_evolution_exchange_t, $1_evolution_exchange_tmpfs_t)
# Access evolution home
tunable_policy(`use_nfs_home_dirs',`
@@ -706,11 +706,11 @@ template(`evolution_per_role_template',`
sysnet_use_ldap($1_evolution_server_t)
# Access evolution home
- userdom_search_user_home_dirs($1,$1_evolution_server_t)
+ userdom_search_user_home_dirs($1, $1_evolution_server_t)
# FIXME: suppress access to .local/.icons/.themes until properly implemented
# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
# until properly implemented
- userdom_dontaudit_read_user_home_content_files($1,$1_evolution_server_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_evolution_server_t)
# Access evolution home
tunable_policy(`use_nfs_home_dirs',`
@@ -747,7 +747,7 @@ template(`evolution_per_role_template',`
allow $1_evolution_webcal_t $1_evolution_webcal_tmpfs_t:lnk_file manage_lnk_file_perms;
allow $1_evolution_webcal_t $1_evolution_webcal_tmpfs_t:sock_file manage_sock_file_perms;
allow $1_evolution_webcal_t $1_evolution_webcal_tmpfs_t:fifo_file manage_fifo_file_perms;
- fs_tmpfs_filetrans($1_evolution_webcal_t,$1_evolution_webcal_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_tmpfs_filetrans($1_evolution_webcal_t, $1_evolution_webcal_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Transition from user type
domain_auto_trans($2, evolution_webcal_exec_t, $1_evolution_webcal_t)
@@ -770,13 +770,13 @@ template(`evolution_per_role_template',`
sysnet_dns_name_resolve($1_evolution_webcal_t)
# Search home directory (?)
- userdom_search_user_home_dirs($1,$1_evolution_webcal_t)
+ userdom_search_user_home_dirs($1, $1_evolution_webcal_t)
# FIXME: suppress access to .local/.icons/.themes until properly implemented
# FIXME: suppress access to .gaim/blist.xml (buddy list synchronization)
# until properly implemented
- userdom_dontaudit_read_user_home_content_files($1,$1_evolution_webcal_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_evolution_webcal_t)
- xserver_user_x_domain_template($1,$1_evolution_webcal,$1_evolution_webcal_t,$1_evolution_webcal_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_evolution_webcal, $1_evolution_webcal_t, $1_evolution_webcal_tmpfs_t)
optional_policy(`
nscd_socket_use($1_evolution_webcal_t)
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index 1255e6a..c08a51b 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -1,5 +1,5 @@
-policy_module(evolution,1.6.0)
+policy_module(evolution, 1.6.0)
########################################
#
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
index 9447457..e7cbfee 100644
--- a/policy/modules/apps/games.if
+++ b/policy/modules/apps/games.if
@@ -44,7 +44,7 @@ template(`games_per_role_template',`
#
type $1_games_t;
- application_domain($1_games_t,games_exec_t)
+ application_domain($1_games_t, games_exec_t)
role $3 types $1_games_t;
type $1_games_devpts_t;
@@ -65,21 +65,21 @@ template(`games_per_role_template',`
allow $1_games_t self:tcp_socket create_stream_socket_perms;
allow $1_games_t self:udp_socket create_socket_perms;
- manage_files_pattern($1_games_t,games_data_t,games_data_t)
- manage_lnk_files_pattern($1_games_t,games_data_t,games_data_t)
+ manage_files_pattern($1_games_t, games_data_t, games_data_t)
+ manage_lnk_files_pattern($1_games_t, games_data_t, games_data_t)
allow $1_games_t $1_games_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty($1_games_t,$1_games_devpts_t)
- manage_dirs_pattern($1_games_t,$1_games_tmp_t,$1_games_tmp_t)
- manage_files_pattern($1_games_t,$1_games_tmp_t,$1_games_tmp_t)
+ manage_dirs_pattern($1_games_t, $1_games_tmp_t, $1_games_tmp_t)
+ manage_files_pattern($1_games_t, $1_games_tmp_t, $1_games_tmp_t)
files_tmp_filetrans($1_games_t, $1_games_tmp_t, { file dir })
- manage_files_pattern($1_games_t,$1_games_tmpfs_t,$1_games_tmpfs_t)
- manage_lnk_files_pattern($1_games_t,$1_games_tmpfs_t,$1_games_tmpfs_t)
- manage_fifo_files_pattern($1_games_t,$1_games_tmpfs_t,$1_games_tmpfs_t)
- manage_sock_files_pattern($1_games_t,$1_games_tmpfs_t,$1_games_tmpfs_t)
- fs_tmpfs_filetrans($1_games_t,$1_games_tmpfs_t,{ file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_games_t, $1_games_tmpfs_t, $1_games_tmpfs_t)
+ manage_lnk_files_pattern($1_games_t, $1_games_tmpfs_t, $1_games_tmpfs_t)
+ manage_fifo_files_pattern($1_games_t, $1_games_tmpfs_t, $1_games_tmpfs_t)
+ manage_sock_files_pattern($1_games_t, $1_games_tmpfs_t, $1_games_tmpfs_t)
+ fs_tmpfs_filetrans($1_games_t, $1_games_tmpfs_t, { file lnk_file sock_file fifo_file })
can_exec($1_games_t, games_exec_t)
@@ -146,7 +146,7 @@ template(`games_per_role_template',`
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_games,$1_games_t,$1_games_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_games, $1_games_t, $1_games_tmpfs_t)
xserver_create_xdm_tmp_sockets($1_games_t)
xserver_read_xdm_lib_files($1_games_t)
')
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index 316c33b..40a8a85 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -13,7 +13,7 @@ files_type(games_data_t)
# games recovery scripts
type games_t;
type games_exec_t;
-init_system_domain(games_t,games_exec_t)
+init_system_domain(games_t, games_exec_t)
type games_var_run_t;
files_pid_file(games_var_run_t)
@@ -26,11 +26,11 @@ files_pid_file(games_var_run_t)
dontaudit games_t self:capability sys_tty_config;
allow games_t self:process signal_perms;
-manage_files_pattern(games_t,games_data_t,games_data_t)
-manage_lnk_files_pattern(games_t,games_data_t,games_data_t)
+manage_files_pattern(games_t, games_data_t, games_data_t)
+manage_lnk_files_pattern(games_t, games_data_t, games_data_t)
-manage_files_pattern(games_t,games_var_run_t,games_var_run_t)
-files_pid_filetrans(games_t,games_var_run_t,file)
+manage_files_pattern(games_t, games_var_run_t, games_var_run_t)
+files_pid_filetrans(games_t, games_var_run_t, file)
can_exec(games_t,games_exec_t)
diff --git a/policy/modules/apps/gift.if b/policy/modules/apps/gift.if
index 786fe55..0046af5 100644
--- a/policy/modules/apps/gift.if
+++ b/policy/modules/apps/gift.if
@@ -40,18 +40,18 @@ template(`gift_per_role_template',`
#
type $1_gift_t;
- application_domain($1_gift_t,gift_exec_t)
+ application_domain($1_gift_t, gift_exec_t)
role $3 types $1_gift_t;
type $1_gift_home_t alias $1_gift_rw_t;
files_poly_member($1_gift_home_t)
- userdom_user_home_content($1,$1_gift_home_t)
+ userdom_user_home_content($1, $1_gift_home_t)
type $1_gift_tmpfs_t;
files_tmpfs_file($1_gift_tmpfs_t)
type $1_giftd_t;
- application_domain($1_giftd_t,giftd_exec_t)
+ application_domain($1_giftd_t, giftd_exec_t)
role $3 types $1_giftd_t;
##############################
@@ -61,16 +61,16 @@ template(`gift_per_role_template',`
allow $1_gift_t self:tcp_socket create_socket_perms;
- manage_files_pattern($1_gift_t,$1_gift_tmpfs_t,$1_gift_tmpfs_t)
- manage_lnk_files_pattern($1_gift_t,$1_gift_tmpfs_t,$1_gift_tmpfs_t)
- manage_fifo_files_pattern($1_gift_t,$1_gift_tmpfs_t,$1_gift_tmpfs_t)
- manage_sock_files_pattern($1_gift_t,$1_gift_tmpfs_t,$1_gift_tmpfs_t)
- fs_tmpfs_filetrans($1_gift_t,$1_gift_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_gift_t, $1_gift_tmpfs_t, $1_gift_tmpfs_t)
+ manage_lnk_files_pattern($1_gift_t, $1_gift_tmpfs_t, $1_gift_tmpfs_t)
+ manage_fifo_files_pattern($1_gift_t, $1_gift_tmpfs_t, $1_gift_tmpfs_t)
+ manage_sock_files_pattern($1_gift_t, $1_gift_tmpfs_t, $1_gift_tmpfs_t)
+ fs_tmpfs_filetrans($1_gift_t, $1_gift_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
- manage_dirs_pattern($1_gift_t,$1_gift_home_t,$1_gift_home_t)
- manage_files_pattern($1_gift_t,$1_gift_home_t,$1_gift_home_t)
- manage_lnk_files_pattern($1_gift_t,$1_gift_home_t,$1_gift_home_t)
- userdom_user_home_dir_filetrans($1,$1_gift_t,$1_gift_home_t,dir)
+ manage_dirs_pattern($1_gift_t, $1_gift_home_t, $1_gift_home_t)
+ manage_files_pattern($1_gift_t, $1_gift_home_t, $1_gift_home_t)
+ manage_lnk_files_pattern($1_gift_t, $1_gift_home_t, $1_gift_home_t)
+ userdom_user_home_dir_filetrans($1, $1_gift_t, $1_gift_home_t,dir)
# Launch gift daemon
domtrans_pattern($1_gift_t, giftd_exec_t, $1_giftd_t)
@@ -79,15 +79,15 @@ template(`gift_per_role_template',`
domtrans_pattern($2, gift_exec_t, $1_gift_t)
# user managed content
- manage_dirs_pattern($2,$1_gift_home_t,$1_gift_home_t)
- manage_files_pattern($2,$1_gift_home_t,$1_gift_home_t)
- manage_lnk_files_pattern($2,$1_gift_home_t,$1_gift_home_t)
- relabel_dirs_pattern($2,$1_gift_home_t,$1_gift_home_t)
- relabel_files_pattern($2,$1_gift_home_t,$1_gift_home_t)
- relabel_lnk_files_pattern($2,$1_gift_home_t,$1_gift_home_t)
+ manage_dirs_pattern($2, $1_gift_home_t, $1_gift_home_t)
+ manage_files_pattern($2, $1_gift_home_t, $1_gift_home_t)
+ manage_lnk_files_pattern($2, $1_gift_home_t, $1_gift_home_t)
+ relabel_dirs_pattern($2, $1_gift_home_t, $1_gift_home_t)
+ relabel_files_pattern($2, $1_gift_home_t, $1_gift_home_t)
+ relabel_lnk_files_pattern($2, $1_gift_home_t, $1_gift_home_t)
# Allow the user domain to signal/ps.
- ps_process_pattern($2,$1_gift_t)
+ ps_process_pattern($2, $1_gift_t)
allow $2 $1_gift_t:process signal_perms;
# Read /proc/meminfo
@@ -107,7 +107,7 @@ template(`gift_per_role_template',`
sysnet_read_config($1_gift_t)
# giftui looks in .icons, .themes.
- userdom_dontaudit_read_user_home_content_files($1,$1_gift_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_gift_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_gift_t)
@@ -130,7 +130,7 @@ template(`gift_per_role_template',`
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_gift,$1_gift_t,$1_gift_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_gift, $1_gift_t, $1_gift_tmpfs_t)
')
##############################
@@ -143,10 +143,10 @@ template(`gift_per_role_template',`
allow $1_giftd_t self:tcp_socket create_stream_socket_perms;
allow $1_giftd_t self:udp_socket create_socket_perms;
- manage_dirs_pattern($1_giftd_t,$1_gift_home_t,$1_gift_home_t)
- manage_files_pattern($1_giftd_t,$1_gift_home_t,$1_gift_home_t)
- manage_lnk_files_pattern($1_giftd_t,$1_gift_home_t,$1_gift_home_t)
- userdom_user_home_dir_filetrans($1,$1_giftd_t,$1_gift_home_t,dir)
+ manage_dirs_pattern($1_giftd_t, $1_gift_home_t, $1_gift_home_t)
+ manage_files_pattern($1_giftd_t, $1_gift_home_t, $1_gift_home_t)
+ manage_lnk_files_pattern($1_giftd_t, $1_gift_home_t, $1_gift_home_t)
+ userdom_user_home_dir_filetrans($1, $1_giftd_t, $1_gift_home_t, dir)
domtrans_pattern($2, giftd_exec_t, $1_giftd_t)
diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
index 516684a..c0aec31 100644
--- a/policy/modules/apps/gift.te
+++ b/policy/modules/apps/gift.te
@@ -1,5 +1,5 @@
-policy_module(gift,1.4.0)
+policy_module(gift, 1.4.0)
########################################
#
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index f3aebbc..27ca9ad 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -64,13 +64,13 @@ template(`gnome_per_role_template',`
allow $1_gconfd_t self:process getsched;
allow $1_gconfd_t self:fifo_file rw_fifo_file_perms;
- manage_dirs_pattern($1_gconfd_t,$1_gconf_home_t,$1_gconf_home_t)
- manage_files_pattern($1_gconfd_t,$1_gconf_home_t,$1_gconf_home_t)
+ manage_dirs_pattern($1_gconfd_t, $1_gconf_home_t, $1_gconf_home_t)
+ manage_files_pattern($1_gconfd_t, $1_gconf_home_t, $1_gconf_home_t)
userdom_user_home_dir_filetrans($1, $1_gconfd_t, $1_gconf_home_t, dir)
- manage_dirs_pattern($1_gconfd_t,$1_gconf_tmp_t,$1_gconf_tmp_t)
- manage_files_pattern($1_gconfd_t,$1_gconf_tmp_t,$1_gconf_tmp_t)
- userdom_user_tmp_filetrans($1,$1_gconfd_t,$1_gconf_tmp_t,{ dir file })
+ manage_dirs_pattern($1_gconfd_t, $1_gconf_tmp_t, $1_gconf_tmp_t)
+ manage_files_pattern($1_gconfd_t, $1_gconf_tmp_t, $1_gconf_tmp_t)
+ userdom_user_tmp_filetrans($1, $1_gconfd_t, $1_gconf_tmp_t, { dir file })
domain_auto_trans($2, gconfd_exec_t, $1_gconfd_t)
allow $1_gconfd_t $2:fd use;
@@ -78,9 +78,9 @@ template(`gnome_per_role_template',`
allow $1_gconfd_t $2:unix_stream_socket connectto;
allow $1_gconfd_t gconf_etc_t:dir list_dir_perms;
- read_files_pattern($1_gconfd_t,gconf_etc_t,gconf_etc_t)
+ read_files_pattern($1_gconfd_t, gconf_etc_t, gconf_etc_t)
- ps_process_pattern($2,$1_gconfd_t)
+ ps_process_pattern($2, $1_gconfd_t)
dev_read_urand($1_gconfd_t)
@@ -94,10 +94,10 @@ template(`gnome_per_role_template',`
logging_send_syslog_msg($1_gconfd_t)
userdom_manage_user_tmp_sockets($1, $1_gconfd_t)
- userdom_manage_user_tmp_dirs($1,$1_gconfd_t)
- userdom_tmp_filetrans_user_tmp($1,$1_gconfd_t,dir)
+ userdom_manage_user_tmp_dirs($1, $1_gconfd_t)
+ userdom_tmp_filetrans_user_tmp($1, $1_gconfd_t,dir)
- gnome_stream_connect_gconf_template($1,$2)
+ gnome_stream_connect_gconf_template($1, $2)
optional_policy(`
nscd_dontaudit_search_pid($1_gconfd_t)
@@ -127,11 +127,10 @@ template(`gnome_per_role_template',`
#
template(`gnome_stream_connect_gconf_template',`
gen_require(`
- type $1_gconfd_t;
- type $1_gconf_tmp_t;
+ type $1_gconfd_t, $1_gconf_tmp_t;
')
- read_files_pattern($2,$1_gconf_tmp_t,$1_gconf_tmp_t)
+ read_files_pattern($2, $1_gconf_tmp_t, $1_gconf_tmp_t)
allow $2 $1_gconfd_t:unix_stream_socket connectto;
')
@@ -165,7 +164,7 @@ template(`gnome_domtrans_user_gconf',`
type $1_gconfd_t, gconfd_exec_t;
')
- domtrans_pattern($2,gconfd_exec_t,$1_gconfd_t)
+ domtrans_pattern($2, gconfd_exec_t, $1_gconfd_t)
')
########################################
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
index 4d29760..1bfe4dd 100644
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -1,5 +1,5 @@
-policy_module(gnome,1.3.0)
+policy_module(gnome, 1.3.0)
##############################
#
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index 4a4c21e..028d3e6 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -36,8 +36,7 @@
#
template(`gpg_per_role_template',`
gen_require(`
- type gpg_exec_t, gpg_helper_exec_t;
- type gpg_agent_exec_t, pinentry_exec_t;
+ type gpg_exec_t, gpg_helper_exec_t, gpg_agent_exec_t, pinentry_exec_t;
')
########################################
@@ -46,25 +45,25 @@ template(`gpg_per_role_template',`
#
type $1_gpg_t;
- application_domain($1_gpg_t,gpg_exec_t)
+ application_domain($1_gpg_t, gpg_exec_t)
role $3 types $1_gpg_t;
type $1_gpg_agent_t;
- application_domain($1_gpg_agent_t,gpg_agent_exec_t)
+ application_domain($1_gpg_agent_t, gpg_agent_exec_t)
role $3 types $1_gpg_agent_t;
type $1_gpg_agent_tmp_t;
files_tmp_file($1_gpg_agent_tmp_t)
type $1_gpg_secret_t;
- userdom_user_home_content($1,$1_gpg_secret_t)
+ userdom_user_home_content($1, $1_gpg_secret_t)
type $1_gpg_helper_t;
- application_domain($1_gpg_helper_t,gpg_helper_exec_t)
+ application_domain($1_gpg_helper_t, gpg_helper_exec_t)
role $3 types $1_gpg_helper_t;
type $1_gpg_pinentry_t;
- application_domain($1_gpg_pinentry_t,pinentry_exec_t)
+ application_domain($1_gpg_pinentry_t, pinentry_exec_t)
role $3 types $1_gpg_pinentry_t;
########################################
@@ -81,18 +80,18 @@ template(`gpg_per_role_template',`
allow $1_gpg_t self:tcp_socket create_stream_socket_perms;
# transition from the gpg domain to the helper domain
- domtrans_pattern($1_gpg_t,gpg_helper_exec_t,$1_gpg_helper_t)
+ domtrans_pattern($1_gpg_t, gpg_helper_exec_t, $1_gpg_helper_t)
- manage_files_pattern($1_gpg_t,$1_gpg_secret_t,$1_gpg_secret_t)
- manage_lnk_files_pattern($1_gpg_t,$1_gpg_secret_t,$1_gpg_secret_t)
+ manage_files_pattern($1_gpg_t, $1_gpg_secret_t, $1_gpg_secret_t)
+ manage_lnk_files_pattern($1_gpg_t, $1_gpg_secret_t, $1_gpg_secret_t)
allow $1_gpg_t $1_gpg_secret_t:dir create_dir_perms;
userdom_user_home_dir_filetrans($1, $1_gpg_t, $1_gpg_secret_t, dir)
# transition from the userdomain to the derived domain
- domtrans_pattern($2,gpg_exec_t,$1_gpg_t)
+ domtrans_pattern($2, gpg_exec_t, $1_gpg_t)
# allow ps to show gpg
- ps_process_pattern($2,$1_gpg_t)
+ ps_process_pattern($2, $1_gpg_t)
corenet_all_recvfrom_unlabeled($1_gpg_t)
corenet_all_recvfrom_netlabel($1_gpg_t)
@@ -125,7 +124,7 @@ template(`gpg_per_role_template',`
sysnet_read_config($1_gpg_t)
- userdom_use_user_terminals($1,$1_gpg_t)
+ userdom_use_user_terminals($1, $1_gpg_t)
optional_policy(`
nis_use_ypbind($1_gpg_t)
@@ -208,29 +207,29 @@ template(`gpg_per_role_template',`
allow $1_gpg_agent_t self:fifo_file rw_fifo_file_perms;
# Allow the gpg-agent to manage its tmp files (socket)
- manage_dirs_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
- manage_files_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
- manage_sock_files_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
+ manage_dirs_pattern($1_gpg_agent_t, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
+ manage_files_pattern($1_gpg_agent_t, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
+ manage_sock_files_pattern($1_gpg_agent_t, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
files_tmp_filetrans($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir })
# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
- manage_dirs_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t)
- manage_files_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t)
- manage_lnk_files_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t)
+ manage_dirs_pattern($1_gpg_agent_t, $1_gpg_secret_t, $1_gpg_secret_t)
+ manage_files_pattern($1_gpg_agent_t, $1_gpg_secret_t, $1_gpg_secret_t)
+ manage_lnk_files_pattern($1_gpg_agent_t, $1_gpg_secret_t, $1_gpg_secret_t)
# allow gpg to connect to the gpg agent
- stream_connect_pattern($1_gpg_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t,$1_gpg_agent_t)
+ stream_connect_pattern($1_gpg_t, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t, $1_gpg_agent_t)
# allow ps to show gpg-agent
- ps_process_pattern($2,$1_gpg_agent_t)
+ ps_process_pattern($2, $1_gpg_agent_t)
# Allow the user shell to signal the gpg-agent program.
allow $2 $1_gpg_agent_t:process { signal sigkill signull };
# Allow the user to manage gpg-agent tmp files (socket)
- manage_dirs_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
- manage_files_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
- manage_sock_files_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t)
+ manage_dirs_pattern($2, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
+ manage_files_pattern($2, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
+ manage_sock_files_pattern($2, $1_gpg_agent_tmp_t, $1_gpg_agent_tmp_t)
# Transition from the user domain to the derived domain.
domtrans_pattern($2, gpg_agent_exec_t, $1_gpg_agent_t)
@@ -245,17 +244,17 @@ template(`gpg_per_role_template',`
miscfiles_read_localization($1_gpg_agent_t)
# Write to the user domain tty.
- userdom_use_user_terminals($1,$1_gpg_agent_t)
+ userdom_use_user_terminals($1, $1_gpg_agent_t)
# read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d )
- userdom_search_user_home_dirs($1,$1_gpg_agent_t)
+ userdom_search_user_home_dirs($1, $1_gpg_agent_t)
tunable_policy(`gpg_agent_env_file',`
# write ~/.gpg-agent-info or a similar to the users home dir
# or subdir (gpg-agent --write-env-file option)
#
- userdom_user_home_dir_filetrans_user_home_content($1,$1_gpg_agent_t,file)
- userdom_manage_user_home_content_dirs($1,$1_gpg_agent_t)
- userdom_manage_user_home_content_files($1,$1_gpg_agent_t)
+ userdom_user_home_dir_filetrans_user_home_content($1, $1_gpg_agent_t, file)
+ userdom_manage_user_home_content_dirs($1, $1_gpg_agent_t)
+ userdom_manage_user_home_content_files($1, $1_gpg_agent_t)
')
tunable_policy(`use_nfs_home_dirs',`
@@ -280,7 +279,7 @@ template(`gpg_per_role_template',`
# we need to allow gpg-agent to call pinentry so it can get the passphrase
# from the user.
- domtrans_pattern($1_gpg_agent_t,pinentry_exec_t,$1_gpg_pinentry_t)
+ domtrans_pattern($1_gpg_agent_t, pinentry_exec_t, $1_gpg_pinentry_t)
# read /proc/meminfo
kernel_read_system_state($1_gpg_pinentry_t)
@@ -296,7 +295,7 @@ template(`gpg_per_role_template',`
miscfiles_read_localization($1_gpg_pinentry_t)
# for .Xauthority
- userdom_read_user_home_content_files($1,$1_gpg_pinentry_t)
+ userdom_read_user_home_content_files($1, $1_gpg_pinentry_t)
tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files($1_gpg_pinentry_t)
diff --git a/policy/modules/apps/irc.if b/policy/modules/apps/irc.if
index 3d0e9fc..c778244 100644
--- a/policy/modules/apps/irc.if
+++ b/policy/modules/apps/irc.if
@@ -43,18 +43,18 @@ template(`irc_per_role_template',`
#
type $1_irc_t;
- application_domain($1_irc_t,irc_exec_t)
+ application_domain($1_irc_t, irc_exec_t)
role $3 types $1_irc_t;
type $1_irc_exec_t;
- userdom_user_home_content($1,$1_irc_exec_t)
- application_domain($1_irc_t,$1_irc_exec_t)
+ userdom_user_home_content($1, $1_irc_exec_t)
+ application_domain($1_irc_t, $1_irc_exec_t)
type $1_irc_home_t;
- userdom_user_home_content($1,$1_irc_home_t)
+ userdom_user_home_content($1, $1_irc_home_t)
type $1_irc_tmp_t;
- userdom_user_home_content($1,$1_irc_tmp_t)
+ userdom_user_home_content($1, $1_irc_tmp_t)
########################################
#
@@ -65,26 +65,26 @@ template(`irc_per_role_template',`
allow $1_irc_t self:tcp_socket create_socket_perms;
allow $1_irc_t self:udp_socket create_socket_perms;
- manage_dirs_pattern($1_irc_t,$1_irc_home_t,$1_irc_home_t)
- manage_files_pattern($1_irc_t,$1_irc_home_t,$1_irc_home_t)
- manage_lnk_files_pattern($1_irc_t,$1_irc_home_t,$1_irc_home_t)
- userdom_user_home_dir_filetrans($1,$1_irc_t,$1_irc_home_t,{ dir file lnk_file })
+ manage_dirs_pattern($1_irc_t, $1_irc_home_t, $1_irc_home_t)
+ manage_files_pattern($1_irc_t, $1_irc_home_t, $1_irc_home_t)
+ manage_lnk_files_pattern($1_irc_t, $1_irc_home_t, $1_irc_home_t)
+ userdom_user_home_dir_filetrans($1, $1_irc_t, $1_irc_home_t,{ dir file lnk_file })
# access files under /tmp
- manage_dirs_pattern($1_irc_t,$1_irc_tmp_t,$1_irc_tmp_t)
- manage_files_pattern($1_irc_t,$1_irc_tmp_t,$1_irc_tmp_t)
- manage_lnk_files_pattern($1_irc_t,$1_irc_tmp_t,$1_irc_tmp_t)
- manage_fifo_files_pattern($1_irc_t,$1_irc_tmp_t,$1_irc_tmp_t)
- manage_sock_files_pattern($1_irc_t,$1_irc_tmp_t,$1_irc_tmp_t)
- files_tmp_filetrans($1_irc_t,$1_irc_tmp_t,{ file dir lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_irc_t, $1_irc_tmp_t, $1_irc_tmp_t)
+ manage_files_pattern($1_irc_t, $1_irc_tmp_t, $1_irc_tmp_t)
+ manage_lnk_files_pattern($1_irc_t, $1_irc_tmp_t, $1_irc_tmp_t)
+ manage_fifo_files_pattern($1_irc_t, $1_irc_tmp_t, $1_irc_tmp_t)
+ manage_sock_files_pattern($1_irc_t, $1_irc_tmp_t, $1_irc_tmp_t)
+ files_tmp_filetrans($1_irc_t, $1_irc_tmp_t, { file dir lnk_file sock_file fifo_file })
# Transition from the user domain to the derived domain.
- domtrans_pattern($2,irc_exec_t,$1_irc_t)
+ domtrans_pattern($2, irc_exec_t, $1_irc_t)
allow $2 $1_irc_exec_t:file { relabelfrom relabelto manage_file_perms };
# allow ps to show irc
- ps_process_pattern($2,$1_irc_t)
+ ps_process_pattern($2, $1_irc_t)
allow $2 $1_irc_t:process signal;
kernel_read_proc_symlinks($1_irc_t)
@@ -130,7 +130,7 @@ template(`irc_per_role_template',`
sysnet_read_config($1_irc_t)
# Write to the user domain tty.
- userdom_use_user_terminals($1,$1_irc_t)
+ userdom_use_user_terminals($1, $1_irc_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_irc_t)
diff --git a/policy/modules/apps/irc.te b/policy/modules/apps/irc.te
index e229a35..31208b6 100644
--- a/policy/modules/apps/irc.te
+++ b/policy/modules/apps/irc.te
@@ -1,5 +1,5 @@
-policy_module(irc,1.4.0)
+policy_module(irc, 1.4.0)
########################################
#
diff --git a/policy/modules/apps/java.if b/policy/modules/apps/java.if
index 47c801b..553db89 100644
--- a/policy/modules/apps/java.if
+++ b/policy/modules/apps/java.if
@@ -43,7 +43,7 @@ template(`java_per_role_template',`
#
type $1_javaplugin_t;
- application_domain($1_javaplugin_t,java_exec_t)
+ application_domain($1_javaplugin_t, java_exec_t)
role $3 types $1_javaplugin_t;
type $1_javaplugin_tmp_t;
@@ -64,20 +64,20 @@ template(`java_per_role_template',`
allow $1_javaplugin_t $2:unix_stream_socket connectto;
allow $1_javaplugin_t $2:unix_stream_socket { read write };
- userdom_write_user_tmp_sockets($1,$1_javaplugin_t)
+ userdom_write_user_tmp_sockets($1, $1_javaplugin_t)
- manage_dirs_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
- manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
- files_tmp_filetrans($1_javaplugin_t,$1_javaplugin_tmp_t,{ file dir })
+ manage_dirs_pattern($1_javaplugin_t, $1_javaplugin_tmp_t, $1_javaplugin_tmp_t)
+ manage_files_pattern($1_javaplugin_t, $1_javaplugin_tmp_t, $1_javaplugin_tmp_t)
+ files_tmp_filetrans($1_javaplugin_t, $1_javaplugin_tmp_t, { file dir })
- manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmpfs_t,$1_javaplugin_tmpfs_t)
- manage_lnk_files_pattern($1_javaplugin_t,$1_javaplugin_tmpfs_t,$1_javaplugin_tmpfs_t)
- manage_fifo_files_pattern($1_javaplugin_t,$1_javaplugin_tmpfs_t,$1_javaplugin_tmpfs_t)
- manage_sock_files_pattern($1_javaplugin_t,$1_javaplugin_tmpfs_t,$1_javaplugin_tmpfs_t)
- fs_tmpfs_filetrans($1_javaplugin_t,$1_javaplugin_tmpfs_t,{ file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_javaplugin_t, $1_javaplugin_tmpfs_t, $1_javaplugin_tmpfs_t)
+ manage_lnk_files_pattern($1_javaplugin_t, $1_javaplugin_tmpfs_t, $1_javaplugin_tmpfs_t)
+ manage_fifo_files_pattern($1_javaplugin_t, $1_javaplugin_tmpfs_t, $1_javaplugin_tmpfs_t)
+ manage_sock_files_pattern($1_javaplugin_t, $1_javaplugin_tmpfs_t, $1_javaplugin_tmpfs_t)
+ fs_tmpfs_filetrans($1_javaplugin_t, $1_javaplugin_tmpfs_t, { file lnk_file sock_file fifo_file })
- rw_files_pattern($1_javaplugin_t,$1_home_t,$1_home_t)
- read_files_pattern($1_javaplugin_t,$1_home_t,$1_home_t)
+ rw_files_pattern($1_javaplugin_t, $1_home_t, $1_home_t)
+ read_files_pattern($1_javaplugin_t, $1_home_t, $1_home_t)
can_exec($1_javaplugin_t, java_exec_t)
@@ -134,15 +134,15 @@ template(`java_per_role_template',`
sysnet_read_config($1_javaplugin_t)
- userdom_dontaudit_use_user_terminals($1,$1_javaplugin_t)
- userdom_dontaudit_setattr_user_home_content_files($1,$1_javaplugin_t)
- userdom_dontaudit_exec_user_home_content_files($1,$1_javaplugin_t)
- userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
- userdom_manage_user_home_content_files($1,$1_javaplugin_t)
- userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
- userdom_manage_user_home_content_pipes($1,$1_javaplugin_t)
- userdom_manage_user_home_content_sockets($1,$1_javaplugin_t)
- userdom_user_home_dir_filetrans_user_home_content($1,$1_javaplugin_t,{ file lnk_file sock_file fifo_file })
+ userdom_dontaudit_use_user_terminals($1, $1_javaplugin_t)
+ userdom_dontaudit_setattr_user_home_content_files($1, $1_javaplugin_t)
+ userdom_dontaudit_exec_user_home_content_files($1, $1_javaplugin_t)
+ userdom_manage_user_home_content_dirs($1, $1_javaplugin_t)
+ userdom_manage_user_home_content_files($1, $1_javaplugin_t)
+ userdom_manage_user_home_content_symlinks($1, $1_javaplugin_t)
+ userdom_manage_user_home_content_pipes($1, $1_javaplugin_t)
+ userdom_manage_user_home_content_sockets($1, $1_javaplugin_t)
+ userdom_user_home_dir_filetrans_user_home_content($1, $1_javaplugin_t, { file lnk_file sock_file fifo_file })
tunable_policy(`allow_java_execstack',`
allow $1_javaplugin_t self:process execstack;
@@ -164,7 +164,7 @@ template(`java_per_role_template',`
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_javaplugin,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_javaplugin, $1_javaplugin_t, $1_javaplugin_tmpfs_t)
')
')
@@ -198,7 +198,7 @@ template(`java_domtrans_user_javaplugin',`
type $1_javaplugin_t, java_exec_t;
')
- domtrans_pattern($2,java_exec_t,$1_javaplugin_t)
+ domtrans_pattern($2, java_exec_t, $1_javaplugin_t)
')
########################################
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 5a0c86f..16d43eb 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -1,5 +1,5 @@
-policy_module(java,1.8.0)
+policy_module(java, 1.8.0)
########################################
#
@@ -11,11 +11,11 @@ policy_module(java,1.8.0)
## Allow java executable stack
##
##
-gen_tunable(allow_java_execstack,false)
+gen_tunable(allow_java_execstack, false)
type java_t;
type java_exec_t;
-init_system_domain(java_t,java_exec_t)
+init_system_domain(java_t, java_exec_t)
########################################
#
diff --git a/policy/modules/apps/loadkeys.if b/policy/modules/apps/loadkeys.if
index 758d1c1..1c5f09b 100644
--- a/policy/modules/apps/loadkeys.if
+++ b/policy/modules/apps/loadkeys.if
@@ -65,5 +65,5 @@ interface(`loadkeys_exec',`
type loadkeys_exec_t;
')
- can_exec($1,loadkeys_exec_t)
+ can_exec($1, loadkeys_exec_t)
')
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index e96c8e0..e5423c1 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -1,5 +1,5 @@
-policy_module(loadkeys,1.4.0)
+policy_module(loadkeys, 1.4.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(loadkeys,1.4.0)
# all user domain ttys
type loadkeys_t;
type loadkeys_exec_t;
-init_system_domain(loadkeys_t,loadkeys_exec_t)
+init_system_domain(loadkeys_t, loadkeys_exec_t)
########################################
#
diff --git a/policy/modules/apps/lockdev.if b/policy/modules/apps/lockdev.if
index d9d61c0..fb7c4a7 100644
--- a/policy/modules/apps/lockdev.if
+++ b/policy/modules/apps/lockdev.if
@@ -44,7 +44,7 @@ template(`lockdev_per_role_template',`
#
type $1_lockdev_t;
- application_domain($1_lockdev_t,lockdev_exec_t)
+ application_domain($1_lockdev_t, lockdev_exec_t)
role $3 types $1_lockdev_t;
type $1_lockdev_lock_t;
@@ -63,7 +63,7 @@ template(`lockdev_per_role_template',`
domtrans_pattern($2, lockdev_exec_t, $1_lockdev_t)
allow $1_lockdev_t $1_lockdev_lock_t:file manage_file_perms;
- files_lock_filetrans($1_lockdev_t,$1_lockdev_lock_t,file)
+ files_lock_filetrans($1_lockdev_t, $1_lockdev_lock_t, file)
files_read_all_locks($1_lockdev_t)
diff --git a/policy/modules/apps/lockdev.te b/policy/modules/apps/lockdev.te
index 4d2512b..bb96b0c 100644
--- a/policy/modules/apps/lockdev.te
+++ b/policy/modules/apps/lockdev.te
@@ -1,5 +1,5 @@
-policy_module(lockdev,1.2.0)
+policy_module(lockdev, 1.2.0)
########################################
#
diff --git a/policy/modules/apps/mono.te b/policy/modules/apps/mono.te
index b04ecdf..831090a 100644
--- a/policy/modules/apps/mono.te
+++ b/policy/modules/apps/mono.te
@@ -8,7 +8,7 @@ policy_module(mono, 1.5.0)
type mono_t;
type mono_exec_t;
-init_system_domain(mono_t,mono_exec_t)
+init_system_domain(mono_t, mono_exec_t)
########################################
#
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index fe1ff3a..92f7e89 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -42,12 +42,12 @@ template(`mozilla_per_role_template',`
# Declarations
#
type $1_mozilla_t;
- application_domain($1_mozilla_t,mozilla_exec_t)
+ application_domain($1_mozilla_t, mozilla_exec_t)
role $3 types $1_mozilla_t;
type $1_mozilla_home_t alias $1_mozilla_rw_t;
files_poly_member($1_mozilla_home_t)
- userdom_user_home_content($1,$1_mozilla_home_t)
+ userdom_user_home_content($1, $1_mozilla_home_t)
type $1_mozilla_tmpfs_t;
files_tmpfs_file($1_mozilla_tmpfs_t)
@@ -72,10 +72,10 @@ template(`mozilla_per_role_template',`
can_exec($1_mozilla_t, mozilla_exec_t)
# X access, Home files
- manage_dirs_pattern($1_mozilla_t,$1_mozilla_home_t,$1_mozilla_home_t)
- manage_files_pattern($1_mozilla_t,$1_mozilla_home_t,$1_mozilla_home_t)
- manage_lnk_files_pattern($1_mozilla_t,$1_mozilla_home_t,$1_mozilla_home_t)
- userdom_search_user_home_dirs($1,$1_mozilla_t)
+ manage_dirs_pattern($1_mozilla_t, $1_mozilla_home_t, $1_mozilla_home_t)
+ manage_files_pattern($1_mozilla_t, $1_mozilla_home_t, $1_mozilla_home_t)
+ manage_lnk_files_pattern($1_mozilla_t, $1_mozilla_home_t, $1_mozilla_home_t)
+ userdom_search_user_home_dirs($1, $1_mozilla_t)
# Mozpluggerrc
allow $1_mozilla_t mozilla_conf_t:file read_file_perms;
@@ -89,18 +89,18 @@ template(`mozilla_per_role_template',`
allow $2 $1_mozilla_t:unix_stream_socket connectto;
# X access, Home files
- manage_dirs_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
- manage_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
- manage_lnk_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
- relabel_dirs_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
- relabel_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
- relabel_lnk_files_pattern($2,$1_mozilla_home_t,$1_mozilla_home_t)
-
- manage_files_pattern($1_mozilla_t,$1_mozilla_tmpfs_t,$1_mozilla_tmpfs_t)
- manage_lnk_files_pattern($1_mozilla_t,$1_mozilla_tmpfs_t,$1_mozilla_tmpfs_t)
- manage_fifo_files_pattern($1_mozilla_t,$1_mozilla_tmpfs_t,$1_mozilla_tmpfs_t)
- manage_sock_files_pattern($1_mozilla_t,$1_mozilla_tmpfs_t,$1_mozilla_tmpfs_t)
- fs_tmpfs_filetrans($1_mozilla_t,$1_mozilla_tmpfs_t,{ file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+ manage_files_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+ manage_lnk_files_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+ relabel_dirs_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+ relabel_files_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+ relabel_lnk_files_pattern($2, $1_mozilla_home_t, $1_mozilla_home_t)
+
+ manage_files_pattern($1_mozilla_t, $1_mozilla_tmpfs_t, $1_mozilla_tmpfs_t)
+ manage_lnk_files_pattern($1_mozilla_t, $1_mozilla_tmpfs_t, $1_mozilla_tmpfs_t)
+ manage_fifo_files_pattern($1_mozilla_t, $1_mozilla_tmpfs_t, $1_mozilla_tmpfs_t)
+ manage_sock_files_pattern($1_mozilla_t, $1_mozilla_tmpfs_t, $1_mozilla_tmpfs_t)
+ fs_tmpfs_filetrans($1_mozilla_t, $1_mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
allow $1_mozilla_t $2:process signull;
@@ -109,7 +109,7 @@ template(`mozilla_per_role_template',`
allow $2 $1_mozilla_t:process { noatsecure siginh rlimitinh };
# Allow the user domain to signal/ps.
- ps_process_pattern($2,$1_mozilla_t)
+ ps_process_pattern($2, $1_mozilla_t)
allow $2 $1_mozilla_t:process signal_perms;
kernel_read_kernel_sysctls($1_mozilla_t)
@@ -184,14 +184,14 @@ template(`mozilla_per_role_template',`
sysnet_dns_name_resolve($1_mozilla_t)
sysnet_read_config($1_mozilla_t)
- userdom_manage_user_home_content_dirs($1,$1_mozilla_t)
- userdom_manage_user_home_content_files($1,$1_mozilla_t)
- userdom_manage_user_home_content_symlinks($1,$1_mozilla_t)
- userdom_manage_user_tmp_dirs($1,$1_mozilla_t)
- userdom_manage_user_tmp_files($1,$1_mozilla_t)
- userdom_manage_user_tmp_sockets($1,$1_mozilla_t)
+ userdom_manage_user_home_content_dirs($1, $1_mozilla_t)
+ userdom_manage_user_home_content_files($1, $1_mozilla_t)
+ userdom_manage_user_home_content_symlinks($1, $1_mozilla_t)
+ userdom_manage_user_tmp_dirs($1, $1_mozilla_t)
+ userdom_manage_user_tmp_files($1, $1_mozilla_t)
+ userdom_manage_user_tmp_sockets($1, $1_mozilla_t)
- xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,$1_mozilla_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_mozilla, $1_mozilla_t, $1_mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)
@@ -238,12 +238,12 @@ template(`mozilla_per_role_template',`
')
tunable_policy(`mozilla_read_content',`
- userdom_list_user_tmp($1,$1_mozilla_t)
- userdom_read_user_tmp_files($1,$1_mozilla_t)
- userdom_read_user_tmp_symlinks($1,$1_mozilla_t)
- userdom_search_user_home_dirs($1,$1_mozilla_t)
- userdom_read_user_home_content_files($1,$1_mozilla_t)
- userdom_read_user_home_content_symlinks($1,$1_mozilla_t)
+ userdom_list_user_tmp($1, $1_mozilla_t)
+ userdom_read_user_tmp_files($1, $1_mozilla_t)
+ userdom_read_user_tmp_symlinks($1, $1_mozilla_t)
+ userdom_search_user_home_dirs($1, $1_mozilla_t)
+ userdom_read_user_home_content_files($1, $1_mozilla_t)
+ userdom_read_user_home_content_symlinks($1, $1_mozilla_t)
ifdef(`enable_mls',`',`
fs_search_removable($1_mozilla_t)
@@ -255,10 +255,10 @@ template(`mozilla_per_role_template',`
files_dontaudit_list_home($1_mozilla_t)
fs_dontaudit_list_removable($1_mozilla_t)
fs_dontaudit_read_removable_files($1_mozilla_t)
- userdom_dontaudit_list_user_tmp($1,$1_mozilla_t)
- userdom_dontaudit_read_user_tmp_files($1,$1_mozilla_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mozilla_t)
- userdom_dontaudit_read_user_home_content_files($1,$1_mozilla_t)
+ userdom_dontaudit_list_user_tmp($1, $1_mozilla_t)
+ userdom_dontaudit_read_user_tmp_files($1, $1_mozilla_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mozilla_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_mozilla_t)
')
tunable_policy(`mozilla_read_content && read_default_t',`
@@ -273,22 +273,22 @@ template(`mozilla_per_role_template',`
tunable_policy(`mozilla_read_content && read_untrusted_content',`
files_list_tmp($1_mozilla_t)
files_list_home($1_mozilla_t)
- userdom_search_user_home_dirs($1,$1_mozilla_t)
+ userdom_search_user_home_dirs($1, $1_mozilla_t)
- userdom_list_user_untrusted_content($1,$1_mozilla_t)
- userdom_read_user_untrusted_content_files($1,$1_mozilla_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_mozilla_t)
- userdom_list_user_tmp_untrusted_content($1,$1_mozilla_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_mozilla_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_mozilla_t)
+ userdom_list_user_untrusted_content($1, $1_mozilla_t)
+ userdom_read_user_untrusted_content_files($1, $1_mozilla_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_mozilla_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_mozilla_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_mozilla_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_mozilla_t)
',`
files_dontaudit_list_tmp($1_mozilla_t)
files_dontaudit_list_home($1_mozilla_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mozilla_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_mozilla_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_mozilla_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_mozilla_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_mozilla_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mozilla_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_mozilla_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_mozilla_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_mozilla_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_mozilla_t)
')
# Save web pages
@@ -321,26 +321,26 @@ template(`mozilla_per_role_template',`
tunable_policy(`write_untrusted_content',`
files_search_home($1_mozilla_t)
userdom_manage_user_untrusted_content_tmp_files($1, $1_mozilla_t)
- files_tmp_filetrans($1_mozilla_t,$1_untrusted_content_tmp_t,file)
- files_tmp_filetrans($1_mozilla_t,$1_untrusted_content_tmp_t,dir)
+ files_tmp_filetrans($1_mozilla_t, $1_untrusted_content_tmp_t, file)
+ files_tmp_filetrans($1_mozilla_t, $1_untrusted_content_tmp_t, dir)
- userdom_manage_user_untrusted_content_files($1,$1_mozilla_t)
- userdom_user_home_dir_filetrans($1,$1_mozilla_t,$1_untrusted_content_tmp_t, { file dir })
- userdom_user_home_content_filetrans($1,$1_mozilla_t,$1_untrusted_content_tmp_t, { file dir })
+ userdom_manage_user_untrusted_content_files($1, $1_mozilla_t)
+ userdom_user_home_dir_filetrans($1, $1_mozilla_t, $1_untrusted_content_tmp_t, { file dir })
+ userdom_user_home_content_filetrans($1, $1_mozilla_t, $1_untrusted_content_tmp_t, { file dir })
',`
files_dontaudit_list_home($1_mozilla_t)
files_dontaudit_list_tmp($1_mozilla_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mozilla_t)
- userdom_dontaudit_manage_user_tmp_dirs($1,$1_mozilla_t)
- userdom_dontaudit_manage_user_tmp_files($1,$1_mozilla_t)
- userdom_dontaudit_manage_user_home_content_dirs($1,$1_mozilla_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mozilla_t)
+ userdom_dontaudit_manage_user_tmp_dirs($1, $1_mozilla_t)
+ userdom_dontaudit_manage_user_tmp_files($1, $1_mozilla_t)
+ userdom_dontaudit_manage_user_home_content_dirs($1, $1_mozilla_t)
')
optional_policy(`
- apache_read_user_scripts($1,$1_mozilla_t)
- apache_read_user_content($1,$1_mozilla_t)
+ apache_read_user_scripts($1, $1_mozilla_t)
+ apache_read_user_content($1, $1_mozilla_t)
')
optional_policy(`
@@ -353,12 +353,12 @@ template(`mozilla_per_role_template',`
')
optional_policy(`
- dbus_system_bus_client_template($1_mozilla,$1_mozilla_t)
- dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
+ dbus_system_bus_client_template($1_mozilla, $1_mozilla_t)
+ dbus_user_bus_client_template($1, $1_mozilla, $1_mozilla_t)
')
optional_policy(`
- gnome_stream_connect_gconf_template($1,$1_mozilla_t)
+ gnome_stream_connect_gconf_template($1, $1_mozilla_t)
')
optional_policy(`
@@ -366,7 +366,7 @@ template(`mozilla_per_role_template',`
')
optional_policy(`
- lpd_domtrans_user_lpr($1,$1_mozilla_t)
+ lpd_domtrans_user_lpr($1, $1_mozilla_t)
')
optional_policy(`
@@ -501,7 +501,7 @@ template(`mozilla_domtrans_user_mozilla',`
type $1_mozilla_t, mozilla_exec_t;
')
- domtrans_pattern($2, mozilla_exec_t,$1_mozilla_t)
+ domtrans_pattern($2, mozilla_exec_t, $1_mozilla_t)
')
########################################
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index eff3015..5d653b8 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla,1.6.0)
+policy_module(mozilla, 1.6.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(mozilla,1.6.0)
## Control mozilla content access
##
##
-gen_tunable(mozilla_read_content,false)
+gen_tunable(mozilla_read_content, false)
type mozilla_conf_t;
files_config_file(mozilla_conf_t)
diff --git a/policy/modules/apps/mplayer.if b/policy/modules/apps/mplayer.if
index 9390298..d31f223 100644
--- a/policy/modules/apps/mplayer.if
+++ b/policy/modules/apps/mplayer.if
@@ -43,11 +43,11 @@ template(`mplayer_per_role_template',`
#
type $1_mencoder_t;
- application_domain($1_mencoder_t,mencoder_exec_t)
+ application_domain($1_mencoder_t, mencoder_exec_t)
role $3 types $1_mencoder_t;
type $1_mplayer_t;
- application_domain($1_mplayer_t,mplayer_exec_t)
+ application_domain($1_mplayer_t, mplayer_exec_t)
role $3 types $1_mplayer_t;
type $1_mplayer_home_t alias $1_mplayer_rw_t;
@@ -62,14 +62,14 @@ template(`mplayer_per_role_template',`
# mencoder local policy
#
- manage_dirs_pattern($1_mencoder_t,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_files_pattern($1_mencoder_t,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_lnk_files_pattern($1_mencoder_t,$1_mplayer_home_t,$1_mplayer_home_t)
+ manage_dirs_pattern($1_mencoder_t, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_files_pattern($1_mencoder_t, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_lnk_files_pattern($1_mencoder_t, $1_mplayer_home_t, $1_mplayer_home_t)
# Read global config
allow $1_mencoder_t mplayer_etc_t:dir list_dir_perms;
- read_files_pattern($1_mencoder_t,mplayer_etc_t,mplayer_etc_t)
- read_lnk_files_pattern($1_mencoder_t,mplayer_etc_t,mplayer_etc_t)
+ read_files_pattern($1_mencoder_t, mplayer_etc_t, mplayer_etc_t)
+ read_lnk_files_pattern($1_mencoder_t, mplayer_etc_t, mplayer_etc_t)
# domain transition
domtrans_pattern($2, mencoder_exec_t, $1_mencoder_t)
@@ -183,20 +183,20 @@ template(`mplayer_per_role_template',`
files_list_tmp($1_mencoder_t)
files_list_home($1_mencoder_t)
- userdom_list_user_untrusted_content($1,$1_mencoder_t)
- userdom_read_user_untrusted_content_files($1,$1_mencoder_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_mencoder_t)
- userdom_list_user_tmp_untrusted_content($1,$1_mencoder_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_mencoder_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_mencoder_t)
+ userdom_list_user_untrusted_content($1, $1_mencoder_t)
+ userdom_read_user_untrusted_content_files($1, $1_mencoder_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_mencoder_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_mencoder_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_mencoder_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_mencoder_t)
',`
files_dontaudit_list_tmp($1_mencoder_t)
files_dontaudit_list_home($1_mencoder_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mencoder_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_mencoder_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_mencoder_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_mencoder_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_mencoder_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mencoder_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_mencoder_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_mencoder_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_mencoder_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_mencoder_t)
')
tunable_policy(`write_untrusted_content',`
@@ -232,18 +232,18 @@ template(`mplayer_per_role_template',`
tunable_policy(`write_untrusted_content',`
files_search_home($1_mencoder_t)
- files_tmp_filetrans($1_mencoder_t,$1_untrusted_content_tmp_t,file)
- files_tmp_filetrans($1_mencoder_t,$1_untrusted_content_tmp_t,dir)
+ files_tmp_filetrans($1_mencoder_t, $1_untrusted_content_tmp_t, file)
+ files_tmp_filetrans($1_mencoder_t, $1_untrusted_content_tmp_t ,dir)
- userdom_manage_user_untrusted_content_dirs($1,$1_mencoder_t)
- userdom_manage_user_untrusted_content_files($1,$1_mencoder_t)
+ userdom_manage_user_untrusted_content_dirs($1, $1_mencoder_t)
+ userdom_manage_user_untrusted_content_files($1, $1_mencoder_t)
',`
files_dontaudit_list_home($1_mencoder_t)
files_dontaudit_list_tmp($1_mencoder_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mencoder_t)
- userdom_dontaudit_manage_user_tmp_files($1,$1_mencoder_t)
- userdom_dontaudit_manage_user_home_content_dirs($1,$1_mencoder_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mencoder_t)
+ userdom_dontaudit_manage_user_tmp_files($1, $1_mencoder_t)
+ userdom_dontaudit_manage_user_home_content_dirs($1, $1_mencoder_t)
')
########################################
@@ -255,29 +255,29 @@ template(`mplayer_per_role_template',`
allow $1_mplayer_t self:fifo_file rw_fifo_file_perms;
allow $1_mplayer_t self:sem create_sem_perms;
- manage_dirs_pattern($1_mplayer_t,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_files_pattern($1_mplayer_t,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_lnk_files_pattern($1_mplayer_t,$1_mplayer_home_t,$1_mplayer_home_t)
- userdom_search_user_home_dirs($1,$1_mplayer_t)
+ manage_dirs_pattern($1_mplayer_t, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_files_pattern($1_mplayer_t, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_lnk_files_pattern($1_mplayer_t, $1_mplayer_home_t, $1_mplayer_home_t)
+ userdom_search_user_home_dirs($1, $1_mplayer_t)
- manage_files_pattern($1_mplayer_t,$1_mplayer_tmpfs_t,$1_mplayer_tmpfs_t)
- manage_lnk_files_pattern($1_mplayer_t,$1_mplayer_tmpfs_t,$1_mplayer_tmpfs_t)
- manage_fifo_files_pattern($1_mplayer_t,$1_mplayer_tmpfs_t,$1_mplayer_tmpfs_t)
- manage_sock_files_pattern($1_mplayer_t,$1_mplayer_tmpfs_t,$1_mplayer_tmpfs_t)
- fs_tmpfs_filetrans($1_mplayer_t,$1_mplayer_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_mplayer_t, $1_mplayer_tmpfs_t, $1_mplayer_tmpfs_t)
+ manage_lnk_files_pattern($1_mplayer_t, $1_mplayer_tmpfs_t, $1_mplayer_tmpfs_t)
+ manage_fifo_files_pattern($1_mplayer_t, $1_mplayer_tmpfs_t, $1_mplayer_tmpfs_t)
+ manage_sock_files_pattern($1_mplayer_t, $1_mplayer_tmpfs_t, $1_mplayer_tmpfs_t)
+ fs_tmpfs_filetrans($1_mplayer_t, $1_mplayer_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Read global config
allow $1_mplayer_t mplayer_etc_t:dir list_dir_perms;
- read_files_pattern($1_mplayer_t,mplayer_etc_t,mplayer_etc_t)
- read_lnk_files_pattern($1_mplayer_t,mplayer_etc_t,mplayer_etc_t)
+ read_files_pattern($1_mplayer_t, mplayer_etc_t, mplayer_etc_t)
+ read_lnk_files_pattern($1_mplayer_t, mplayer_etc_t, mplayer_etc_t)
# Home access
- manage_dirs_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_files_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
- manage_lnk_files_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
- relabel_dirs_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
- relabel_files_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
- relabel_lnk_files_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
+ manage_dirs_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ manage_lnk_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ relabel_dirs_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ relabel_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
+ relabel_lnk_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
# domain transition
domtrans_pattern($2, mplayer_exec_t, $1_mplayer_t)
@@ -333,15 +333,15 @@ template(`mplayer_per_role_template',`
miscfiles_read_localization($1_mplayer_t)
miscfiles_read_fonts($1_mplayer_t)
- userdom_use_user_terminals($1,$1_mplayer_t)
+ userdom_use_user_terminals($1, $1_mplayer_t)
# Read media files
- userdom_list_user_tmp($1,$1_mplayer_t)
- userdom_read_user_tmp_files($1,$1_mplayer_t)
- userdom_read_user_tmp_symlinks($1,$1_mplayer_t)
- userdom_read_user_home_content_files($1,$1_mplayer_t)
- userdom_read_user_home_content_symlinks($1,$1_mplayer_t)
+ userdom_list_user_tmp($1, $1_mplayer_t)
+ userdom_read_user_tmp_files($1, $1_mplayer_t)
+ userdom_read_user_tmp_symlinks($1, $1_mplayer_t)
+ userdom_read_user_home_content_files($1, $1_mplayer_t)
+ userdom_read_user_home_content_symlinks($1, $1_mplayer_t)
- xserver_user_x_domain_template($1,$1_mplayer,$1_mplayer_t,$1_mplayer_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_mplayer, $1_mplayer_t, $1_mplayer_tmpfs_t)
# Read songs
ifdef(`enable_mls',`',`
@@ -417,20 +417,20 @@ template(`mplayer_per_role_template',`
files_list_tmp($1_mplayer_t)
files_list_home($1_mplayer_t)
- userdom_list_user_untrusted_content($1,$1_mplayer_t)
- userdom_read_user_untrusted_content_files($1,$1_mplayer_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_mplayer_t)
- userdom_list_user_tmp_untrusted_content($1,$1_mplayer_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_mplayer_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_mplayer_t)
+ userdom_list_user_untrusted_content($1, $1_mplayer_t)
+ userdom_read_user_untrusted_content_files($1, $1_mplayer_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_mplayer_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_mplayer_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_mplayer_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_mplayer_t)
',`
files_dontaudit_list_tmp($1_mplayer_t)
files_dontaudit_list_home($1_mplayer_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_mplayer_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_mplayer_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_mplayer_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_mplayer_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_mplayer_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_mplayer_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_mplayer_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_mplayer_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_mplayer_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_mplayer_t)
')
optional_policy(`
@@ -472,7 +472,7 @@ template(`mplayer_domtrans_user_mplayer',`
type $1_mplayer_t, mplayer_exec_t;
')
- domtrans_pattern($2, mplayer_exec_t,$1_mplayer_t)
+ domtrans_pattern($2, mplayer_exec_t, $1_mplayer_t)
')
########################################
@@ -505,5 +505,5 @@ template(`mplayer_read_user_home_files',`
type $1_mplayer_home_t;
')
- read_files_pattern($2,$1_mplayer_home_t,$1_mplayer_home_t)
+ read_files_pattern($2, $1_mplayer_home_t, $1_mplayer_home_t)
')
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index 078d0e5..94fa547 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -1,5 +1,5 @@
-policy_module(mplayer,1.5.0)
+policy_module(mplayer, 1.5.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(mplayer,1.5.0)
## Allow mplayer executable stack
##
##
-gen_tunable(allow_mplayer_execstack,false)
+gen_tunable(allow_mplayer_execstack, false)
type mencoder_exec_t;
application_executable_file(mencoder_exec_t)
diff --git a/policy/modules/apps/rssh.if b/policy/modules/apps/rssh.if
index 3f46fe8..019c504 100644
--- a/policy/modules/apps/rssh.if
+++ b/policy/modules/apps/rssh.if
@@ -36,7 +36,7 @@ template(`rssh_per_role_template',`
#
type $1_rssh_t alias rssh_$1_t, rssh_domain_type;
- application_domain($1_rssh_t,rssh_exec_t)
+ application_domain($1_rssh_t, rssh_exec_t)
domain_user_exemption_target($1_t)
domain_interactive_fd($1_rssh_t)
role system_r types $1_rssh_t;
@@ -48,7 +48,7 @@ template(`rssh_per_role_template',`
userdom_user_home_content($1,$1_rssh_ro_t)
type $1_rssh_rw_t alias rssh_$1_rw_t;
- userdom_user_home_content($1,$1_rssh_rw_t)
+ userdom_user_home_content($1, $1_rssh_rw_t)
##############################
#
@@ -68,13 +68,13 @@ template(`rssh_per_role_template',`
allow $1_rssh_t self:msg { send receive };
allow $1_rssh_t $1_rssh_devpts_t:chr_file { rw_file_perms setattr };
- term_create_pty($1_rssh_t,$1_rssh_devpts_t)
+ term_create_pty($1_rssh_t, $1_rssh_devpts_t)
allow $1_rssh_t $1_rssh_ro_t:dir list_dir_perms;
- read_files_pattern($1_rssh_t,$1_rssh_ro_t,$1_rssh_ro_t)
+ read_files_pattern($1_rssh_t, $1_rssh_ro_t, $1_rssh_ro_t)
- manage_dirs_pattern($1_rssh_t,$1_rssh_rw_t,$1_rssh_rw_t)
- manage_files_pattern($1_rssh_t,$1_rssh_rw_t,$1_rssh_rw_t)
+ manage_dirs_pattern($1_rssh_t, $1_rssh_rw_t, $1_rssh_rw_t)
+ manage_files_pattern($1_rssh_t, $1_rssh_rw_t, $1_rssh_rw_t)
kernel_read_system_state($1_rssh_t)
kernel_read_kernel_sysctls($1_rssh_t)
@@ -120,7 +120,7 @@ interface(`rssh_spec_domtrans_all_users',`
type rssh_exec_t;
')
- spec_domtrans_pattern($1,rssh_exec_t,rssh_domain_type)
+ spec_domtrans_pattern($1, rssh_exec_t, rssh_domain_type)
')
########################################
@@ -139,6 +139,6 @@ interface(`rssh_read_all_users_ro_content',`
')
allow $1 rssh_ro_content_type:dir list_dir_perms;
- read_files_pattern($1,rssh_ro_content_type,rssh_ro_content_type)
- read_lnk_files_pattern($1,rssh_ro_content_type,rssh_ro_content_type)
+ read_files_pattern($1, rssh_ro_content_type, rssh_ro_content_type)
+ read_lnk_files_pattern($1, rssh_ro_content_type, rssh_ro_content_type)
')
diff --git a/policy/modules/apps/rssh.te b/policy/modules/apps/rssh.te
index e35078a..92ba29f 100644
--- a/policy/modules/apps/rssh.te
+++ b/policy/modules/apps/rssh.te
@@ -1,5 +1,5 @@
-policy_module(rssh,1.1.0)
+policy_module(rssh, 1.1.0)
########################################
#
diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index 0d05795..ca876d5 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -43,7 +43,7 @@ template(`screen_per_role_template',`
#
type $1_screen_t;
- application_domain($1_screen_t,screen_exec_t)
+ application_domain($1_screen_t, screen_exec_t)
domain_interactive_fd($1_screen_t)
role $3 types $1_screen_t;
@@ -70,20 +70,20 @@ template(`screen_per_role_template',`
allow $1_screen_t self:unix_stream_socket create_socket_perms;
allow $1_screen_t self:unix_dgram_socket create_socket_perms;
- manage_dirs_pattern($1_screen_t,$1_screen_tmp_t,$1_screen_tmp_t)
- manage_files_pattern($1_screen_t,$1_screen_tmp_t,$1_screen_tmp_t)
- manage_fifo_files_pattern($1_screen_t,$1_screen_tmp_t,$1_screen_tmp_t)
+ manage_dirs_pattern($1_screen_t, $1_screen_tmp_t, $1_screen_tmp_t)
+ manage_files_pattern($1_screen_t, $1_screen_tmp_t, $1_screen_tmp_t)
+ manage_fifo_files_pattern($1_screen_t, $1_screen_tmp_t, $1_screen_tmp_t)
files_tmp_filetrans($1_screen_t, $1_screen_tmp_t, { file dir })
# Create fifo
- manage_fifo_files_pattern($1_screen_t,screen_dir_t,$1_screen_var_run_t)
- manage_dirs_pattern($1_screen_t,screen_dir_t,screen_dir_t)
- filetrans_pattern($1_screen_t,screen_dir_t,$1_screen_var_run_t,fifo_file)
- files_pid_filetrans($1_screen_t,screen_dir_t,dir)
+ manage_fifo_files_pattern($1_screen_t, screen_dir_t, $1_screen_var_run_t)
+ manage_dirs_pattern($1_screen_t, screen_dir_t, screen_dir_t)
+ filetrans_pattern($1_screen_t, screen_dir_t, $1_screen_var_run_t, fifo_file)
+ files_pid_filetrans($1_screen_t, screen_dir_t, dir)
allow $1_screen_t $1_screen_ro_home_t:dir list_dir_perms;
- read_files_pattern($1_screen_t,$1_screen_ro_home_t,$1_screen_ro_home_t)
- read_lnk_files_pattern($1_screen_t,$1_screen_ro_home_t,$1_screen_ro_home_t)
+ read_files_pattern($1_screen_t, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ read_lnk_files_pattern($1_screen_t, $1_screen_ro_home_t, $1_screen_ro_home_t)
allow $1_screen_t $2:process signal;
@@ -91,12 +91,12 @@ template(`screen_per_role_template',`
allow $2 $1_screen_t:process signal;
allow $1_screen_t $2:process signal;
- manage_dirs_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
- manage_files_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
- manage_lnk_files_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
- relabel_dirs_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
- relabel_files_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
- relabel_lnk_files_pattern($2,$1_screen_ro_home_t,$1_screen_ro_home_t)
+ manage_dirs_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ manage_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ manage_lnk_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ relabel_dirs_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ relabel_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
+ relabel_lnk_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
kernel_read_system_state($1_screen_t)
kernel_read_kernel_sysctls($1_screen_t)
@@ -153,10 +153,10 @@ template(`screen_per_role_template',`
sysnet_read_config($1_screen_t)
- userdom_use_user_terminals($1,$1_screen_t)
- userdom_create_user_pty($1,$1_screen_t)
- userdom_user_home_domtrans($1,$1_screen_t,$2)
- userdom_setattr_user_ptys($1,$1_screen_t)
+ userdom_use_user_terminals($1, $1_screen_t)
+ userdom_create_user_pty($1, $1_screen_t)
+ userdom_user_home_domtrans($1, $1_screen_t, $2)
+ userdom_setattr_user_ptys($1, $1_screen_t)
tunable_policy(`read_default_t',`
files_list_default($1_screen_t)
@@ -167,13 +167,13 @@ template(`screen_per_role_template',`
')
tunable_policy(`use_samba_home_dirs',`
- fs_cifs_domtrans($1_screen_t,$2)
+ fs_cifs_domtrans($1_screen_t, $2)
fs_read_cifs_symlinks($1_screen_t)
fs_list_cifs($1_screen_t)
')
tunable_policy(`use_nfs_home_dirs',`
- fs_nfs_domtrans($1_screen_t,$2)
+ fs_nfs_domtrans($1_screen_t, $2)
fs_list_nfs($1_screen_t)
fs_read_nfs_symlinks($1_screen_t)
')
diff --git a/policy/modules/apps/screen.te b/policy/modules/apps/screen.te
index 475ba8a..5ad00a1 100644
--- a/policy/modules/apps/screen.te
+++ b/policy/modules/apps/screen.te
@@ -1,5 +1,5 @@
-policy_module(screen,1.4.0)
+policy_module(screen, 1.4.0)
########################################
#
diff --git a/policy/modules/apps/slocate.if b/policy/modules/apps/slocate.if
index 0346700..d8aec96 100644
--- a/policy/modules/apps/slocate.if
+++ b/policy/modules/apps/slocate.if
@@ -16,8 +16,8 @@ interface(`slocate_create_append_log',`
')
logging_search_logs($1)
- create_files_pattern($1,locate_log_t,locate_log_t)
- append_files_pattern($1,locate_log_t,locate_log_t)
+ create_files_pattern($1, locate_log_t, locate_log_t)
+ append_files_pattern($1, locate_log_t, locate_log_t)
')
########################################
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index f91f1fc..f25fb97 100644
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@@ -1,5 +1,5 @@
-policy_module(slocate,1.7.0)
+policy_module(slocate, 1.7.0)
#################################
#
@@ -8,7 +8,7 @@ policy_module(slocate,1.7.0)
type locate_t;
type locate_exec_t;
-init_system_domain(locate_t,locate_exec_t)
+init_system_domain(locate_t, locate_exec_t)
type locate_log_t;
logging_log_file(locate_log_t)
@@ -26,8 +26,8 @@ allow locate_t self:process { execmem execheap execstack };
allow locate_t self:fifo_file rw_fifo_file_perms;
allow locate_t self:unix_stream_socket create_socket_perms;
-manage_dirs_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
-manage_files_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
+manage_dirs_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
+manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
kernel_read_system_state(locate_t)
kernel_dontaudit_search_sysctl(locate_t)
diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if
index 0d95bfd..ec65807 100644
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@@ -40,7 +40,7 @@ template(`thunderbird_per_role_template',`
#
type $1_thunderbird_t;
- application_domain($1_thunderbird_t,thunderbird_exec_t)
+ application_domain($1_thunderbird_t, thunderbird_exec_t)
role $3 types $1_thunderbird_t;
type $1_thunderbird_home_t alias $1_thunderbird_rw_t;
@@ -64,16 +64,16 @@ template(`thunderbird_per_role_template',`
allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
# Access ~/.thunderbird
- manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
- manage_files_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
- manage_lnk_files_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
- userdom_search_user_home_dirs($1,$1_thunderbird_t)
+ manage_dirs_pattern($1_thunderbird_t, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ manage_files_pattern($1_thunderbird_t, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ manage_lnk_files_pattern($1_thunderbird_t, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ userdom_search_user_home_dirs($1, $1_thunderbird_t)
- manage_files_pattern($1_thunderbird_t,$1_thunderbird_tmpfs_t,$1_thunderbird_tmpfs_t)
- manage_lnk_files_pattern($1_thunderbird_t,$1_thunderbird_tmpfs_t,$1_thunderbird_tmpfs_t)
- manage_fifo_files_pattern($1_thunderbird_t,$1_thunderbird_tmpfs_t,$1_thunderbird_tmpfs_t)
- manage_sock_files_pattern($1_thunderbird_t,$1_thunderbird_tmpfs_t,$1_thunderbird_tmpfs_t)
- fs_tmpfs_filetrans($1_thunderbird_t,$1_thunderbird_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_thunderbird_t, $1_thunderbird_tmpfs_t, $1_thunderbird_tmpfs_t)
+ manage_lnk_files_pattern($1_thunderbird_t, $1_thunderbird_tmpfs_t, $1_thunderbird_tmpfs_t)
+ manage_fifo_files_pattern($1_thunderbird_t, $1_thunderbird_tmpfs_t, $1_thunderbird_tmpfs_t)
+ manage_sock_files_pattern($1_thunderbird_t, $1_thunderbird_tmpfs_t, $1_thunderbird_tmpfs_t)
+ fs_tmpfs_filetrans($1_thunderbird_t, $1_thunderbird_tmpfs_t, { dir file lnk_file sock_file fifo_file })
domain_auto_trans($2, thunderbird_exec_t, $1_thunderbird_t)
allow $2 $1_thunderbird_t:fd use;
@@ -87,13 +87,13 @@ template(`thunderbird_per_role_template',`
ps_process_pattern($2,$1_thunderbird_t)
# Access ~/.thunderbird
- manage_dirs_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
- manage_files_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
- manage_lnk_files_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
+ manage_dirs_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ manage_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ manage_lnk_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
- relabel_dirs_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
- relabel_files_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
- relabel_lnk_files_pattern($2,$1_thunderbird_home_t,$1_thunderbird_home_t)
+ relabel_dirs_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ relabel_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
+ relabel_lnk_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
# Allow netstat
kernel_read_network_state($1_thunderbird_t)
@@ -153,14 +153,14 @@ template(`thunderbird_per_role_template',`
miscfiles_read_fonts($1_thunderbird_t)
miscfiles_read_localization($1_thunderbird_t)
- userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
- userdom_read_user_tmp_files($1,$1_thunderbird_t)
- userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
- userdom_manage_user_tmp_sockets($1,$1_thunderbird_t)
+ userdom_manage_user_tmp_dirs($1, $1_thunderbird_t)
+ userdom_read_user_tmp_files($1, $1_thunderbird_t)
+ userdom_write_user_tmp_sockets($1, $1_thunderbird_t)
+ userdom_manage_user_tmp_sockets($1, $1_thunderbird_t)
# .kde/....gtkrc
- userdom_read_user_home_content_files($1,$1_thunderbird_t)
+ userdom_read_user_home_content_files($1, $1_thunderbird_t)
- xserver_user_x_domain_template($1,$1_thunderbird,$1_thunderbird_t,$1_thunderbird_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_thunderbird, $1_thunderbird_t, $1_thunderbird_tmpfs_t)
xserver_read_xdm_tmp_files($1_thunderbird_t)
xserver_dontaudit_getattr_xdm_tmp_sockets($1_thunderbird_t)
@@ -206,11 +206,11 @@ template(`thunderbird_per_role_template',`
')
tunable_policy(`mail_read_content',`
- userdom_list_user_tmp($1,$1_thunderbird_t)
- userdom_read_user_tmp_files($1,$1_thunderbird_t)
- userdom_read_user_tmp_symlinks($1,$1_thunderbird_t)
- userdom_search_user_home_dirs($1,$1_thunderbird_t)
- userdom_read_user_home_content_files($1,$1_thunderbird_t)
+ userdom_list_user_tmp($1, $1_thunderbird_t)
+ userdom_read_user_tmp_files($1, $1_thunderbird_t)
+ userdom_read_user_tmp_symlinks($1, $1_thunderbird_t)
+ userdom_search_user_home_dirs($1, $1_thunderbird_t)
+ userdom_read_user_home_content_files($1, $1_thunderbird_t)
ifndef(`enable_mls',`
fs_search_removable($1_thunderbird_t)
@@ -224,10 +224,10 @@ template(`thunderbird_per_role_template',`
fs_dontaudit_list_removable($1_thunderbird_t)
fs_dontaudit_read_removable_files($1_thunderbird_t)
- userdom_dontaudit_list_user_tmp($1,$1_thunderbird_t)
- userdom_dontaudit_read_user_tmp_files($1,$1_thunderbird_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
- userdom_dontaudit_read_user_home_content_files($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_tmp($1, $1_thunderbird_t)
+ userdom_dontaudit_read_user_tmp_files($1, $1_thunderbird_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_thunderbird_t)
+ userdom_dontaudit_read_user_home_content_files($1, $1_thunderbird_t)
')
tunable_policy(`mail_read_content && read_default_t',`
@@ -243,22 +243,22 @@ template(`thunderbird_per_role_template',`
files_list_tmp($1_thunderbird_t)
files_list_home($1_thunderbird_t)
- userdom_search_user_home_dirs($1,$1_thunderbird_t)
- userdom_list_user_untrusted_content($1,$1_thunderbird_t)
- userdom_read_user_untrusted_content_files($1,$1_thunderbird_t)
- userdom_read_user_untrusted_content_symlinks($1,$1_thunderbird_t)
- userdom_list_user_tmp_untrusted_content($1,$1_thunderbird_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_thunderbird_t)
- userdom_read_user_tmp_untrusted_content_symlinks($1,$1_thunderbird_t)
+ userdom_search_user_home_dirs($1, $1_thunderbird_t)
+ userdom_list_user_untrusted_content($1, $1_thunderbird_t)
+ userdom_read_user_untrusted_content_files($1, $1_thunderbird_t)
+ userdom_read_user_untrusted_content_symlinks($1, $1_thunderbird_t)
+ userdom_list_user_tmp_untrusted_content($1, $1_thunderbird_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_thunderbird_t)
+ userdom_read_user_tmp_untrusted_content_symlinks($1, $1_thunderbird_t)
',`
files_dontaudit_list_tmp($1_thunderbird_t)
files_dontaudit_list_home($1_thunderbird_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
- userdom_dontaudit_list_user_untrusted_content($1,$1_thunderbird_t)
- userdom_dontaudit_read_user_untrusted_content_files($1,$1_thunderbird_t)
- userdom_dontaudit_list_user_tmp_untrusted_content($1,$1_thunderbird_t)
- userdom_dontaudit_read_user_tmp_untrusted_content_files($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_thunderbird_t)
+ userdom_dontaudit_list_user_untrusted_content($1, $1_thunderbird_t)
+ userdom_dontaudit_read_user_untrusted_content_files($1, $1_thunderbird_t)
+ userdom_dontaudit_list_user_tmp_untrusted_content($1, $1_thunderbird_t)
+ userdom_dontaudit_read_user_tmp_untrusted_content_files($1, $1_thunderbird_t)
')
# Manage nfs homedirs
@@ -292,25 +292,25 @@ template(`thunderbird_per_role_template',`
# Manage /tmp and /home
tunable_policy(`write_untrusted_content',`
files_search_home($1_thunderbird_t)
- files_tmp_filetrans($1_thunderbird_t,$1_untrusted_content_tmp_t,file)
- files_tmp_filetrans($1_thunderbird_t,$1_untrusted_content_tmp_t,dir)
- userdom_manage_user_untrusted_content_files($1,$1_thunderbird_t)
+ files_tmp_filetrans($1_thunderbird_t, $1_untrusted_content_tmp_t,file)
+ files_tmp_filetrans($1_thunderbird_t, $1_untrusted_content_tmp_t,dir)
+ userdom_manage_user_untrusted_content_files($1, $1_thunderbird_t)
userdom_manage_user_untrusted_content_tmp_files($1, $1_thunderbird_t)
- userdom_user_home_dir_filetrans($1,$1_thunderbird_t,$1_untrusted_content_tmp_t, { file dir })
- userdom_user_home_content_filetrans($1,$1_thunderbird_t,$1_untrusted_content_tmp_t, { file dir })
+ userdom_user_home_dir_filetrans($1, $1_thunderbird_t, $1_untrusted_content_tmp_t, { file dir })
+ userdom_user_home_content_filetrans($1, $1_thunderbird_t, $1_untrusted_content_tmp_t, { file dir })
',`
files_dontaudit_list_home($1_thunderbird_t)
files_dontaudit_list_tmp($1_thunderbird_t)
- userdom_dontaudit_list_user_home_dirs($1,$1_thunderbird_t)
- userdom_dontaudit_manage_user_tmp_dirs($1,$1_thunderbird_t)
- userdom_dontaudit_manage_user_tmp_files($1,$1_thunderbird_t)
- userdom_dontaudit_manage_user_home_content_dirs($1,$1_thunderbird_t)
+ userdom_dontaudit_list_user_home_dirs($1, $1_thunderbird_t)
+ userdom_dontaudit_manage_user_tmp_dirs($1, $1_thunderbird_t)
+ userdom_dontaudit_manage_user_tmp_files($1, $1_thunderbird_t)
+ userdom_dontaudit_manage_user_home_content_dirs($1, $1_thunderbird_t)
')
optional_policy(`
- dbus_system_bus_client_template($1_thunderbird,$1_thunderbird_t)
- dbus_user_bus_client_template($1,$1_thunderbird,$1_thunderbird_t)
+ dbus_system_bus_client_template($1_thunderbird, $1_thunderbird_t)
+ dbus_user_bus_client_template($1, $1_thunderbird, $1_thunderbird_t)
')
optional_policy(`
@@ -319,17 +319,17 @@ template(`thunderbird_per_role_template',`
')
optional_policy(`
- gnome_stream_connect_gconf_template($1,$1_thunderbird_t)
+ gnome_stream_connect_gconf_template($1, $1_thunderbird_t)
gnome_domtrans_user_gconf($1, $1_thunderbird_t)
gnome_manage_user_gnome_config($1, $1_thunderbird_t)
')
optional_policy(`
- gpg_domtrans_user_gpg($1,$1_thunderbird_t)
+ gpg_domtrans_user_gpg($1, $1_thunderbird_t)
')
optional_policy(`
- lpd_domtrans_user_lpr($1,$1_thunderbird_t)
+ lpd_domtrans_user_lpr($1, $1_thunderbird_t)
')
optional_policy(`
@@ -382,5 +382,5 @@ template(`thunderbird_domtrans_user_thunderbird',`
type $1_thunderbird_t, thunderbird_exec_t;
')
- domtrans_pattern($2, thunderbird_exec_t,$1_thunderbird_t)
+ domtrans_pattern($2, thunderbird_exec_t, $1_thunderbird_t)
')
diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
index c820e73..15169bc 100644
--- a/policy/modules/apps/thunderbird.te
+++ b/policy/modules/apps/thunderbird.te
@@ -1,5 +1,5 @@
-policy_module(thunderbird,1.6.0)
+policy_module(thunderbird, 1.6.0)
########################################
#
diff --git a/policy/modules/apps/tvtime.if b/policy/modules/apps/tvtime.if
index 48c9004..a5e3ab7 100644
--- a/policy/modules/apps/tvtime.if
+++ b/policy/modules/apps/tvtime.if
@@ -43,11 +43,11 @@ template(`tvtime_per_role_template',`
#
type $1_tvtime_t;
- application_domain($1_tvtime_t,tvtime_exec_t)
+ application_domain($1_tvtime_t, tvtime_exec_t)
role $3 types $1_tvtime_t;
type $1_tvtime_home_t alias $1_tvtime_rw_t;
- userdom_user_home_content($1,$1_tvtime_home_t)
+ userdom_user_home_content($1, $1_tvtime_home_t)
files_poly_member($1_tvtime_home_t)
type $1_tvtime_tmp_t;
@@ -67,31 +67,31 @@ template(`tvtime_per_role_template',`
allow $1_tvtime_t self:unix_stream_socket rw_stream_socket_perms;
# X access, Home files
- manage_dirs_pattern($1_tvtime_t,$1_tvtime_home_t,$1_tvtime_home_t)
- manage_files_pattern($1_tvtime_t,$1_tvtime_home_t,$1_tvtime_home_t)
- manage_lnk_files_pattern($1_tvtime_t,$1_tvtime_home_t,$1_tvtime_home_t)
- userdom_user_home_dir_filetrans($1,$1_tvtime_t,$1_tvtime_home_t,dir)
+ manage_dirs_pattern($1_tvtime_t, $1_tvtime_home_t, $1_tvtime_home_t)
+ manage_files_pattern($1_tvtime_t, $1_tvtime_home_t, $1_tvtime_home_t)
+ manage_lnk_files_pattern($1_tvtime_t, $1_tvtime_home_t, $1_tvtime_home_t)
+ userdom_user_home_dir_filetrans($1, $1_tvtime_t, $1_tvtime_home_t, dir)
- manage_dirs_pattern($1_tvtime_t,$1_tvtime_tmp_t,$1_tvtime_tmp_t)
- manage_files_pattern($1_tvtime_t,$1_tvtime_tmp_t,$1_tvtime_tmp_t)
- files_tmp_filetrans($1_tvtime_t, $1_tvtime_tmp_t,{ file dir })
+ manage_dirs_pattern($1_tvtime_t, $1_tvtime_tmp_t, $1_tvtime_tmp_t)
+ manage_files_pattern($1_tvtime_t, $1_tvtime_tmp_t, $1_tvtime_tmp_t)
+ files_tmp_filetrans($1_tvtime_t, $1_tvtime_tmp_t, { file dir })
- manage_files_pattern($1_tvtime_t,$1_tvtime_tmpfs_t,$1_tvtime_tmpfs_t)
- manage_lnk_files_pattern($1_tvtime_t,$1_tvtime_tmpfs_t,$1_tvtime_tmpfs_t)
- manage_fifo_files_pattern($1_tvtime_t,$1_tvtime_tmpfs_t,$1_tvtime_tmpfs_t)
- manage_sock_files_pattern($1_tvtime_t,$1_tvtime_tmpfs_t,$1_tvtime_tmpfs_t)
- fs_tmpfs_filetrans($1_tvtime_t,$1_tvtime_tmpfs_t,{ file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_tvtime_t, $1_tvtime_tmpfs_t, $1_tvtime_tmpfs_t)
+ manage_lnk_files_pattern($1_tvtime_t, $1_tvtime_tmpfs_t, $1_tvtime_tmpfs_t)
+ manage_fifo_files_pattern($1_tvtime_t, $1_tvtime_tmpfs_t, $1_tvtime_tmpfs_t)
+ manage_sock_files_pattern($1_tvtime_t, $1_tvtime_tmpfs_t, $1_tvtime_tmpfs_t)
+ fs_tmpfs_filetrans($1_tvtime_t, $1_tvtime_tmpfs_t, { file lnk_file sock_file fifo_file })
# Type transition
domtrans_pattern($2, tvtime_exec_t, $1_tvtime_t)
# X access, Home files
- manage_dirs_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
- manage_files_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
- manage_lnk_files_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
- relabel_dirs_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
- relabel_files_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
- relabel_lnk_files_pattern($2,$1_tvtime_home_t,$1_tvtime_home_t)
+ manage_dirs_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
+ manage_files_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
+ manage_lnk_files_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
+ relabel_dirs_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
+ relabel_files_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
+ relabel_lnk_files_pattern($2, $1_tvtime_home_t, $1_tvtime_home_t)
# Allow the user domain to signal/ps.
ps_process_pattern($2,$1_tvtime_t)
@@ -118,8 +118,8 @@ template(`tvtime_per_role_template',`
miscfiles_read_localization($1_tvtime_t)
miscfiles_read_fonts($1_tvtime_t)
- userdom_use_user_terminals($1,$1_tvtime_t)
- userdom_read_user_home_content_files($1,$1_tvtime_t)
+ userdom_use_user_terminals($1, $1_tvtime_t)
+ userdom_read_user_home_content_files($1, $1_tvtime_t)
# X access, Home files
tunable_policy(`use_nfs_home_dirs',`
@@ -134,6 +134,6 @@ template(`tvtime_per_role_template',`
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_tvtime,$1_tvtime_t,$1_tvtime_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_tvtime, $1_tvtime_t, $1_tvtime_tmpfs_t)
')
')
diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
index 0b55030..8c64f2d 100644
--- a/policy/modules/apps/tvtime.te
+++ b/policy/modules/apps/tvtime.te
@@ -1,5 +1,5 @@
-policy_module(tvtime,1.4.0)
+policy_module(tvtime, 1.4.0)
########################################
#
diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
index 0336e7b..3ced452 100644
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@@ -44,7 +44,7 @@ template(`uml_per_role_template',`
type $1_uml_t;
type $1_uml_exec_t;
- application_domain($1_uml_t,$1_uml_exec_t)
+ application_domain($1_uml_t, $1_uml_exec_t)
role $3 types $1_uml_t;
type $1_uml_ro_t;
@@ -82,58 +82,58 @@ template(`uml_per_role_template',`
allow $1_uml_t $1_uml_devpts_t:chr_file { rw_file_perms setattr };
term_create_pty($1_uml_t,$1_uml_devpts_t)
- manage_dirs_pattern($1_uml_t,$1_uml_tmp_t,$1_uml_tmp_t)
- manage_files_pattern($1_uml_t,$1_uml_tmp_t,$1_uml_tmp_t)
+ manage_dirs_pattern($1_uml_t, $1_uml_tmp_t, $1_uml_tmp_t)
+ manage_files_pattern($1_uml_t, $1_uml_tmp_t, $1_uml_tmp_t)
files_tmp_filetrans($1_uml_t, $1_uml_tmp_t, { file dir })
can_exec($1_uml_t, $1_uml_tmp_t)
- manage_files_pattern($1_uml_t,$1_uml_tmpfs_t,$1_uml_tmpfs_t)
- manage_lnk_files_pattern($1_uml_t,$1_uml_tmpfs_t,$1_uml_tmpfs_t)
- manage_fifo_files_pattern($1_uml_t,$1_uml_tmpfs_t,$1_uml_tmpfs_t)
- manage_sock_files_pattern($1_uml_t,$1_uml_tmpfs_t,$1_uml_tmpfs_t)
- fs_tmpfs_filetrans($1_uml_t,$1_uml_tmpfs_t,{ file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_uml_t, $1_uml_tmpfs_t, $1_uml_tmpfs_t)
+ manage_lnk_files_pattern($1_uml_t, $1_uml_tmpfs_t, $1_uml_tmpfs_t)
+ manage_fifo_files_pattern($1_uml_t, $1_uml_tmpfs_t, $1_uml_tmpfs_t)
+ manage_sock_files_pattern($1_uml_t, $1_uml_tmpfs_t, $1_uml_tmpfs_t)
+ fs_tmpfs_filetrans($1_uml_t, $1_uml_tmpfs_t, { file lnk_file sock_file fifo_file })
can_exec($1_uml_t, $1_uml_tmpfs_t)
# access config files
allow $1_uml_t { $1_uml_ro_t uml_ro_t }:dir list_dir_perms;
- read_files_pattern($1_uml_t,{ $1_uml_ro_t uml_ro_t },{ $1_uml_ro_t uml_ro_t })
- read_lnk_files_pattern($1_uml_t,{ $1_uml_ro_t uml_ro_t },{ $1_uml_ro_t uml_ro_t })
+ read_files_pattern($1_uml_t, { $1_uml_ro_t uml_ro_t }, { $1_uml_ro_t uml_ro_t })
+ read_lnk_files_pattern($1_uml_t, { $1_uml_ro_t uml_ro_t }, { $1_uml_ro_t uml_ro_t })
- manage_dirs_pattern($1_uml_t,$1_uml_rw_t,$1_uml_rw_t)
- manage_files_pattern($1_uml_t,$1_uml_rw_t,$1_uml_rw_t)
- manage_lnk_files_pattern($1_uml_t,$1_uml_rw_t,$1_uml_rw_t)
- manage_fifo_files_pattern($1_uml_t,$1_uml_rw_t,$1_uml_rw_t)
- manage_sock_files_pattern($1_uml_t,$1_uml_rw_t,$1_uml_rw_t)
- userdom_user_home_dir_filetrans($1,$1_uml_t,$1_uml_rw_t,{ file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_uml_t, $1_uml_rw_t, $1_uml_rw_t)
+ manage_files_pattern($1_uml_t, $1_uml_rw_t, $1_uml_rw_t)
+ manage_lnk_files_pattern($1_uml_t, $1_uml_rw_t, $1_uml_rw_t)
+ manage_fifo_files_pattern($1_uml_t, $1_uml_rw_t, $1_uml_rw_t)
+ manage_sock_files_pattern($1_uml_t, $1_uml_rw_t, $1_uml_rw_t)
+ userdom_user_home_dir_filetrans($1, $1_uml_t, $1_uml_rw_t, { file lnk_file sock_file fifo_file })
allow $2 uml_ro_t:dir list_dir_perms;
- read_files_pattern($2,uml_ro_t,uml_ro_t)
- read_lnk_files_pattern($2,uml_ro_t,uml_ro_t)
-
- manage_dirs_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- manage_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- manage_lnk_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- manage_fifo_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- manage_sock_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- relabel_dirs_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- relabel_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- relabel_lnk_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- relabel_fifo_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
- relabel_sock_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t },{ $1_uml_ro_t $1_uml_rw_t })
-
- manage_dirs_pattern($2,{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t },{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
- manage_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t },{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
- relabel_dirs_pattern($2,{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t },{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
- relabel_files_pattern($2,{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t },{ $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
+ read_files_pattern($2,uml_ro_t, uml_ro_t)
+ read_lnk_files_pattern($2,uml_ro_t, uml_ro_t)
+
+ manage_dirs_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ manage_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ manage_lnk_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ manage_fifo_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ manage_sock_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ relabel_dirs_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ relabel_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ relabel_lnk_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ relabel_fifo_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+ relabel_sock_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t }, { $1_uml_ro_t $1_uml_rw_t })
+
+ manage_dirs_pattern($2, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t }, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
+ manage_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t }, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
+ relabel_dirs_pattern($2, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t }, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
+ relabel_files_pattern($2, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t }, { $1_uml_ro_t $1_uml_rw_t $1_uml_exec_t })
# allow ps, ptrace, signal
ps_process_pattern($2,$1_uml_t)
allow $2 $1_uml_t:process { ptrace signal_perms };
- manage_dirs_pattern($2,$1_uml_tmp_t,$1_uml_tmp_t)
- manage_files_pattern($2,$1_uml_tmp_t,$1_uml_tmp_t)
- manage_lnk_files_pattern($2,$1_uml_tmp_t,$1_uml_tmp_t)
- manage_sock_files_pattern($2,$1_uml_tmp_t,$1_uml_tmp_t)
+ manage_dirs_pattern($2, $1_uml_tmp_t, $1_uml_tmp_t)
+ manage_files_pattern($2, $1_uml_tmp_t, $1_uml_tmp_t)
+ manage_lnk_files_pattern($2, $1_uml_tmp_t, $1_uml_tmp_t)
+ manage_sock_files_pattern($2, $1_uml_tmp_t, $1_uml_tmp_t)
# Transition from the user domain to this domain.
domain_auto_trans($2, { uml_exec_t $1_uml_exec_t }, $1_uml_t)
@@ -186,7 +186,7 @@ template(`uml_per_role_template',`
# Use the network.
sysnet_read_config($1_uml_t)
- userdom_use_user_terminals($1,$1_uml_t)
+ userdom_use_user_terminals($1, $1_uml_t)
optional_policy(`
nis_use_ypbind($1_uml_t)
@@ -226,6 +226,6 @@ interface(`uml_manage_util_files',`
type uml_switch_var_run_t;
')
- manage_files_pattern($1,uml_switch_var_run_t,uml_switch_var_run_t)
- manage_lnk_files_pattern($1,uml_switch_var_run_t,uml_switch_var_run_t)
+ manage_files_pattern($1, uml_switch_var_run_t, uml_switch_var_run_t)
+ manage_lnk_files_pattern($1, uml_switch_var_run_t, uml_switch_var_run_t)
')
diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
index 19e7511..0c3d8e1 100644
--- a/policy/modules/apps/uml.te
+++ b/policy/modules/apps/uml.te
@@ -14,7 +14,7 @@ files_type(uml_ro_t)
type uml_switch_t;
type uml_switch_exec_t;
-init_daemon_domain(uml_switch_t,uml_switch_exec_t)
+init_daemon_domain(uml_switch_t, uml_switch_exec_t)
type uml_switch_var_run_t;
files_pid_file(uml_switch_var_run_t)
@@ -29,9 +29,9 @@ allow uml_switch_t self:process signal_perms;
allow uml_switch_t self:unix_dgram_socket create_socket_perms;
allow uml_switch_t self:unix_stream_socket create_stream_socket_perms;
-manage_files_pattern(uml_switch_t,uml_switch_var_run_t,uml_switch_var_run_t)
-manage_sock_files_pattern(uml_switch_t,uml_switch_var_run_t,uml_switch_var_run_t)
-files_pid_filetrans(uml_switch_t,uml_switch_var_run_t,file)
+manage_files_pattern(uml_switch_t, uml_switch_var_run_t, uml_switch_var_run_t)
+manage_sock_files_pattern(uml_switch_t, uml_switch_var_run_t, uml_switch_var_run_t)
+files_pid_filetrans(uml_switch_t, uml_switch_var_run_t, file)
kernel_read_kernel_sysctls(uml_switch_t)
kernel_list_proc(uml_switch_t)
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index 4a6c6a8..1444394 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -43,7 +43,7 @@ template(`userhelper_per_role_template',`
#
type $1_userhelper_t;
- application_domain($1_userhelper_t,userhelper_exec_t)
+ application_domain($1_userhelper_t, userhelper_exec_t)
domain_role_change_exemption($1_userhelper_t)
domain_obj_id_change_exemption($1_userhelper_t)
domain_interactive_fd($1_userhelper_t)
@@ -70,10 +70,10 @@ template(`userhelper_per_role_template',`
allow $1_userhelper_t self:sock_file read_sock_file_perms;
#Transition to the derived domain.
- domtrans_pattern($2,userhelper_exec_t,$1_userhelper_t)
+ domtrans_pattern($2, userhelper_exec_t, $1_userhelper_t)
allow $1_userhelper_t userhelper_conf_t:dir rw_dir_perms;
- rw_files_pattern($1_userhelper_t,userhelper_conf_t,userhelper_conf_t)
+ rw_files_pattern($1_userhelper_t, userhelper_conf_t, userhelper_conf_t)
can_exec($1_userhelper_t, userhelper_exec_t)
@@ -166,7 +166,7 @@ template(`userhelper_per_role_template',`
')
optional_policy(`
- ethereal_domtrans_user_ethereal($1,$1_userhelper_t)
+ ethereal_domtrans_user_ethereal($1, $1_userhelper_t)
')
optional_policy(`
@@ -280,5 +280,5 @@ interface(`userhelper_exec',`
type userhelper_exec_t;
')
- can_exec($1,userhelper_exec_t)
+ can_exec($1, userhelper_exec_t)
')
diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
index 4215dcb..166724b 100644
--- a/policy/modules/apps/usernetctl.if
+++ b/policy/modules/apps/usernetctl.if
@@ -15,7 +15,7 @@ interface(`usernetctl_domtrans',`
type usernetctl_t, usernetctl_exec_t;
')
- domtrans_pattern($1,usernetctl_exec_t,usernetctl_t)
+ domtrans_pattern($1, usernetctl_exec_t, usernetctl_t)
')
########################################
@@ -49,18 +49,18 @@ interface(`usernetctl_run',`
role $2 types usernetctl_t;
allow usernetctl_t $3:chr_file rw_term_perms;
- sysnet_run_ifconfig(usernetctl_t,$2,$3)
- sysnet_run_dhcpc(usernetctl_t,$2,$3)
+ sysnet_run_ifconfig(usernetctl_t, $2, $3)
+ sysnet_run_dhcpc(usernetctl_t, $2, $3)
optional_policy(`
- consoletype_run(usernetctl_t,$2,$3)
+ consoletype_run(usernetctl_t, $2, $3)
')
optional_policy(`
- iptables_run(usernetctl_t,$2,$3)
+ iptables_run(usernetctl_t, $2, $3)
')
optional_policy(`
- modutils_run_insmod(usernetctl_t,$2,$3)
+ modutils_run_insmod(usernetctl_t, $2, $3)
')
')
diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
index 8964a43..4f9a4f6 100644
--- a/policy/modules/apps/usernetctl.te
+++ b/policy/modules/apps/usernetctl.te
@@ -1,5 +1,5 @@
-policy_module(usernetctl,1.3.0)
+policy_module(usernetctl, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(usernetctl,1.3.0)
type usernetctl_t;
type usernetctl_exec_t;
-application_domain(usernetctl_t,usernetctl_exec_t)
+application_domain(usernetctl_t, usernetctl_exec_t)
domain_interactive_fd(usernetctl_t)
########################################
@@ -29,7 +29,7 @@ allow usernetctl_t self:unix_stream_socket create_stream_socket_perms;
allow usernetctl_t self:unix_dgram_socket sendto;
allow usernetctl_t self:unix_stream_socket connectto;
-can_exec(usernetctl_t,usernetctl_exec_t)
+can_exec(usernetctl_t, usernetctl_exec_t)
kernel_read_system_state(usernetctl_t)
kernel_read_kernel_sysctls(usernetctl_t)
diff --git a/policy/modules/apps/vmware.if b/policy/modules/apps/vmware.if
index 25d812c..b6c923e 100644
--- a/policy/modules/apps/vmware.if
+++ b/policy/modules/apps/vmware.if
@@ -44,14 +44,14 @@ template(`vmware_per_role_template',`
type $1_vmware_t;
domain_type($1_vmware_t)
- domain_entry_file($1_vmware_t,vmware_exec_t)
+ domain_entry_file($1_vmware_t, vmware_exec_t)
role $3 types $1_vmware_t;
type $1_vmware_conf_t;
- userdom_user_home_content($1,$1_vmware_conf_t)
+ userdom_user_home_content($1, $1_vmware_conf_t)
type $1_vmware_file_t;
- userdom_user_home_content($1,$1_vmware_file_t)
+ userdom_user_home_content($1, $1_vmware_file_t)
type $1_vmware_tmp_t;
files_tmp_file($1_vmware_tmp_t)
@@ -88,31 +88,31 @@ template(`vmware_per_role_template',`
allow $1_vmware_t $1_vmware_conf_t:file manage_file_perms;
# VMWare disks
- manage_files_pattern($1_vmware_t,$1_vmware_file_t,$1_vmware_file_t)
- manage_lnk_files_pattern($1_vmware_t,$1_vmware_file_t,$1_vmware_file_t)
+ manage_files_pattern($1_vmware_t, $1_vmware_file_t, $1_vmware_file_t)
+ manage_lnk_files_pattern($1_vmware_t, $1_vmware_file_t, $1_vmware_file_t)
allow $1_vmware_t $1_vmware_tmp_t:file execute;
- manage_dirs_pattern($1_vmware_t,$1_vmware_tmp_t,$1_vmware_tmp_t)
- manage_files_pattern($1_vmware_t,$1_vmware_tmp_t,$1_vmware_tmp_t)
- manage_sock_files_pattern($1_vmware_t,$1_vmware_tmp_t,$1_vmware_tmp_t)
+ manage_dirs_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
+ manage_files_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
+ manage_sock_files_pattern($1_vmware_t, $1_vmware_tmp_t, $1_vmware_tmp_t)
files_tmp_filetrans($1_vmware_t, $1_vmware_tmp_t, { file dir })
- manage_files_pattern($1_vmware_t,$1_vmware_tmpfs_t,$1_vmware_tmpfs_t)
- manage_lnk_files_pattern($1_vmware_t,$1_vmware_tmpfs_t,$1_vmware_tmpfs_t)
- manage_fifo_files_pattern($1_vmware_t,$1_vmware_tmpfs_t,$1_vmware_tmpfs_t)
- manage_sock_files_pattern($1_vmware_t,$1_vmware_tmpfs_t,$1_vmware_tmpfs_t)
- fs_tmpfs_filetrans($1_vmware_t,$1_vmware_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_vmware_t, $1_vmware_tmpfs_t, $1_vmware_tmpfs_t)
+ manage_lnk_files_pattern($1_vmware_t, $1_vmware_tmpfs_t, $1_vmware_tmpfs_t)
+ manage_fifo_files_pattern($1_vmware_t, $1_vmware_tmpfs_t, $1_vmware_tmpfs_t)
+ manage_sock_files_pattern($1_vmware_t, $1_vmware_tmpfs_t, $1_vmware_tmpfs_t)
+ fs_tmpfs_filetrans($1_vmware_t, $1_vmware_tmpfs_t, { dir file lnk_file sock_file fifo_file })
# Read clobal configuration files
allow $1_vmware_t vmware_sys_conf_t:dir list_dir_perms;
- read_files_pattern($1_vmware_t,vmware_sys_conf_t,vmware_sys_conf_t)
- read_lnk_files_pattern($1_vmware_t,vmware_sys_conf_t,vmware_sys_conf_t)
+ read_files_pattern($1_vmware_t, vmware_sys_conf_t, vmware_sys_conf_t)
+ read_lnk_files_pattern($1_vmware_t, vmware_sys_conf_t, vmware_sys_conf_t)
- manage_dirs_pattern($1_vmware_t,$1_vmware_var_run_t,$1_vmware_var_run_t)
- manage_files_pattern($1_vmware_t,$1_vmware_var_run_t,$1_vmware_var_run_t)
- manage_lnk_files_pattern($1_vmware_t,$1_vmware_var_run_t,$1_vmware_var_run_t)
- manage_sock_files_pattern($1_vmware_t,$1_vmware_var_run_t,$1_vmware_var_run_t)
- files_pid_filetrans($1_vmware_t,$1_vmware_var_run_t,{ dir file lnk_file })
+ manage_dirs_pattern($1_vmware_t, $1_vmware_var_run_t, $1_vmware_var_run_t)
+ manage_files_pattern($1_vmware_t, $1_vmware_var_run_t, $1_vmware_var_run_t)
+ manage_lnk_files_pattern($1_vmware_t, $1_vmware_var_run_t, $1_vmware_var_run_t)
+ manage_sock_files_pattern($1_vmware_t, $1_vmware_var_run_t, $1_vmware_var_run_t)
+ files_pid_filetrans($1_vmware_t, $1_vmware_var_run_t, { dir file lnk_file })
domtrans_pattern($2, vmware_exec_t, $1_vmware_t)
@@ -155,16 +155,16 @@ template(`vmware_per_role_template',`
miscfiles_read_localization($1_vmware_t)
- userdom_use_user_terminals($1,$1_vmware_t)
+ userdom_use_user_terminals($1, $1_vmware_t)
userdom_use_unpriv_users_fds($1_vmware_t)
- userdom_list_user_home_dirs($1,$1_vmware_t)
+ userdom_list_user_home_dirs($1, $1_vmware_t)
# cjp: why?
- userdom_read_user_home_content_files($1,$1_vmware_t)
+ userdom_read_user_home_content_files($1, $1_vmware_t)
sysnet_dns_name_resolve($1_vmware_t)
sysnet_read_config($1_vmware_t)
- xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t)
+ xserver_user_x_domain_template($1, $1_vmware, $1_vmware_t, $1_vmware_tmpfs_t)
')
########################################
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
index 0bd9ba2..d24b3f7 100644
--- a/policy/modules/apps/vmware.te
+++ b/policy/modules/apps/vmware.te
@@ -13,7 +13,7 @@ corecmd_executable_file(vmware_exec_t)
# VMWare host programs
type vmware_host_t;
type vmware_host_exec_t;
-init_daemon_domain(vmware_host_t,vmware_host_exec_t)
+init_daemon_domain(vmware_host_t, vmware_host_exec_t)
type vmware_log_t;
logging_log_file(vmware_log_t)
@@ -39,11 +39,11 @@ allow vmware_host_t self:rawip_socket create_socket_perms;
allow vmware_host_t self:tcp_socket create_socket_perms;
# cjp: the ro and rw files should be split up
-manage_files_pattern(vmware_host_t,vmware_sys_conf_t,vmware_sys_conf_t)
+manage_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t)
-manage_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
-manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
-files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file })
+manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
+manage_sock_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t)
+files_pid_filetrans(vmware_host_t, vmware_var_run_t, { file sock_file })
manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t)
logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir })
diff --git a/policy/modules/apps/webalizer.if b/policy/modules/apps/webalizer.if
index 823dc07..7b0bc5c 100644
--- a/policy/modules/apps/webalizer.if
+++ b/policy/modules/apps/webalizer.if
@@ -15,7 +15,7 @@ interface(`webalizer_domtrans',`
type webalizer_t, webalizer_exec_t;
')
- domtrans_pattern($1,webalizer_exec_t,webalizer_t)
+ domtrans_pattern($1, webalizer_exec_t, webalizer_t)
')
########################################
diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te
index dcfa988..12ec66e 100644
--- a/policy/modules/apps/webalizer.te
+++ b/policy/modules/apps/webalizer.te
@@ -1,5 +1,5 @@
-policy_module(webalizer,1.7.0)
+policy_module(webalizer, 1.7.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(webalizer,1.7.0)
type webalizer_t;
type webalizer_exec_t;
-application_domain(webalizer_t,webalizer_exec_t)
+application_domain(webalizer_t, webalizer_exec_t)
role system_r types webalizer_t;
type webalizer_etc_t;
@@ -50,12 +50,12 @@ allow webalizer_t self:netlink_route_socket r_netlink_socket_perms;
allow webalizer_t webalizer_etc_t:file { getattr read };
-manage_dirs_pattern(webalizer_t,webalizer_tmp_t,webalizer_tmp_t)
-manage_files_pattern(webalizer_t,webalizer_tmp_t,webalizer_tmp_t)
+manage_dirs_pattern(webalizer_t, webalizer_tmp_t, webalizer_tmp_t)
+manage_files_pattern(webalizer_t, webalizer_tmp_t, webalizer_tmp_t)
files_tmp_filetrans(webalizer_t, webalizer_tmp_t, { file dir })
-manage_files_pattern(webalizer_t,webalizer_var_lib_t,webalizer_var_lib_t)
-files_var_lib_filetrans(webalizer_t,webalizer_var_lib_t,file)
+manage_files_pattern(webalizer_t, webalizer_var_lib_t, webalizer_var_lib_t)
+files_var_lib_filetrans(webalizer_t, webalizer_var_lib_t, file)
kernel_read_kernel_sysctls(webalizer_t)
kernel_read_system_state(webalizer_t)
@@ -90,7 +90,7 @@ apache_read_log(webalizer_t)
apache_manage_sys_content(webalizer_t)
optional_policy(`
- cron_system_entry(webalizer_t,webalizer_exec_t)
+ cron_system_entry(webalizer_t, webalizer_exec_t)
')
optional_policy(`
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
index 6324db4..6789cdc 100644
--- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te
@@ -1,5 +1,5 @@
-policy_module(wine,1.5.0)
+policy_module(wine, 1.5.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(wine,1.5.0)
type wine_t;
type wine_exec_t;
-application_domain(wine_t,wine_exec_t)
+application_domain(wine_t, wine_exec_t)
########################################
#
diff --git a/policy/modules/apps/wireshark.if b/policy/modules/apps/wireshark.if
index 449a07a..acc1f35 100644
--- a/policy/modules/apps/wireshark.if
+++ b/policy/modules/apps/wireshark.if
@@ -45,12 +45,12 @@ template(`wireshark_per_role_template',`
# Type for program
type $1_wireshark_t;
- application_domain($1_wireshark_t,wireshark_exec_t)
+ application_domain($1_wireshark_t, wireshark_exec_t)
role $3 types $1_wireshark_t;
type $1_wireshark_home_t;
files_poly_member($1_wireshark_home_t)
- userdom_user_home_content($1,$1_wireshark_home_t)
+ userdom_user_home_content($1, $1_wireshark_home_t)
type $1_wireshark_tmp_t;
files_tmp_file($1_wireshark_tmp_t)
@@ -78,33 +78,33 @@ template(`wireshark_per_role_template',`
corecmd_search_bin($1_wireshark_t)
# /home/.wireshark
- manage_dirs_pattern($1_wireshark_t,$1_wireshark_home_t,$1_wireshark_home_t)
- manage_files_pattern($1_wireshark_t,$1_wireshark_home_t,$1_wireshark_home_t)
- manage_lnk_files_pattern($1_wireshark_t,$1_wireshark_home_t,$1_wireshark_home_t)
- userdom_user_home_dir_filetrans($1,$1_wireshark_t,$1_wireshark_home_t,dir)
+ manage_dirs_pattern($1_wireshark_t, $1_wireshark_home_t, $1_wireshark_home_t)
+ manage_files_pattern($1_wireshark_t, $1_wireshark_home_t, $1_wireshark_home_t)
+ manage_lnk_files_pattern($1_wireshark_t, $1_wireshark_home_t, $1_wireshark_home_t)
+ userdom_user_home_dir_filetrans($1, $1_wireshark_t, $1_wireshark_home_t, dir)
# Store temporary files
- manage_dirs_pattern($1_wireshark_t,$1_wireshark_tmp_t,$1_wireshark_tmp_t)
- manage_files_pattern($1_wireshark_t,$1_wireshark_tmp_t,$1_wireshark_tmp_t)
+ manage_dirs_pattern($1_wireshark_t, $1_wireshark_tmp_t, $1_wireshark_tmp_t)
+ manage_files_pattern($1_wireshark_t, $1_wireshark_tmp_t, $1_wireshark_tmp_t)
files_tmp_filetrans($1_wireshark_t, $1_wireshark_tmp_t, { dir file })
- manage_dirs_pattern($1_wireshark_t,$1_wireshark_tmpfs_t,$1_wireshark_tmpfs_t)
- manage_files_pattern($1_wireshark_t,$1_wireshark_tmpfs_t,$1_wireshark_tmpfs_t)
- manage_lnk_files_pattern($1_wireshark_t,$1_wireshark_tmpfs_t,$1_wireshark_tmpfs_t)
- manage_sock_files_pattern($1_wireshark_t,$1_wireshark_tmpfs_t,$1_wireshark_tmpfs_t)
- manage_fifo_files_pattern($1_wireshark_t,$1_wireshark_tmpfs_t,$1_wireshark_tmpfs_t)
- fs_tmpfs_filetrans($1_wireshark_t,$1_wireshark_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_wireshark_t, $1_wireshark_tmpfs_t, $1_wireshark_tmpfs_t)
+ manage_files_pattern($1_wireshark_t, $1_wireshark_tmpfs_t, $1_wireshark_tmpfs_t)
+ manage_lnk_files_pattern($1_wireshark_t, $1_wireshark_tmpfs_t, $1_wireshark_tmpfs_t)
+ manage_sock_files_pattern($1_wireshark_t, $1_wireshark_tmpfs_t, $1_wireshark_tmpfs_t)
+ manage_fifo_files_pattern($1_wireshark_t, $1_wireshark_tmpfs_t, $1_wireshark_tmpfs_t)
+ fs_tmpfs_filetrans($1_wireshark_t, $1_wireshark_tmpfs_t, { dir file lnk_file sock_file fifo_file })
domain_auto_trans($2, wireshark_exec_t, $1_wireshark_t)
allow $1_wireshark_t $2:fd use;
allow $1_wireshark_t $2:process sigchld;
- manage_dirs_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
- manage_files_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
- manage_lnk_files_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
- relabel_dirs_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
- relabel_files_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
- relabel_lnk_files_pattern($2,$1_wireshark_home_t,$1_wireshark_home_t)
+ manage_dirs_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
+ manage_files_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
+ manage_lnk_files_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
+ relabel_dirs_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
+ relabel_files_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
+ relabel_lnk_files_pattern($2, $1_wireshark_home_t, $1_wireshark_home_t)
kernel_read_kernel_sysctls($1_wireshark_t)
kernel_read_system_state($1_wireshark_t)
@@ -134,7 +134,7 @@ template(`wireshark_per_role_template',`
sysnet_read_config($1_wireshark_t)
- userdom_manage_user_home_content_files($1,$1_wireshark_t)
+ userdom_manage_user_home_content_files($1, $1_wireshark_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_wireshark_t)
@@ -154,12 +154,12 @@ template(`wireshark_per_role_template',`
# Manual transition from userhelper
optional_policy(`
- userhelper_use_user_fd($1,$1_wireshark_t)
- userhelper_sigchld_user($1,$1_wireshark_t)
+ userhelper_use_user_fd($1, $1_wireshark_t)
+ userhelper_sigchld_user($1, $1_wireshark_t)
')
optional_policy(`
- xserver_user_client_template($1,$1_wireshark_t,$1_wireshark_tmpfs_t)
+ xserver_user_client_template($1, $1_wireshark_t, $1_wireshark_tmpfs_t)
xserver_create_xdm_tmp_sockets($1_wireshark_t)
')
@@ -205,9 +205,9 @@ template(`wireshark_admin_template',`
allow $1_wireshark_t self:unix_stream_socket create_stream_socket_perms;
allow $1_wireshark_t self:tcp_socket create_socket_perms;
- userdom_use_user_terminals($1,$1_wireshark_t)
+ userdom_use_user_terminals($1, $1_wireshark_t)
# wireshark tries to write to user terminal
- userdom_dontaudit_use_user_terminals($1,$1_wireshark_t)
+ userdom_dontaudit_use_user_terminals($1, $1_wireshark_t)
')
########################################
@@ -240,5 +240,5 @@ template(`wireshark_domtrans_user_wireshark',`
type $1_wireshark_t, wireshark_exec_t;
')
- domtrans_pattern($2,wireshark_exec_t,$1_wireshark_t)
+ domtrans_pattern($2, wireshark_exec_t, $1_wireshark_t)
')
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 61092e3..a0f1de0 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -1,5 +1,5 @@
-policy_module(wireshark,1.0.0)
+policy_module(wireshark, 1.0.0)
########################################
#
diff --git a/policy/modules/apps/yam.if b/policy/modules/apps/yam.if
index 0b56313..b530e78 100644
--- a/policy/modules/apps/yam.if
+++ b/policy/modules/apps/yam.if
@@ -16,7 +16,7 @@ interface(`yam_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,yam_exec_t,yam_t)
+ domtrans_pattern($1, yam_exec_t, yam_t)
')
########################################
@@ -67,6 +67,6 @@ interface(`yam_read_content',`
')
allow $1 yam_content_t:dir list_dir_perms;
- read_files_pattern($1,yam_content_t,yam_content_t)
- read_lnk_files_pattern($1,yam_content_t,yam_content_t)
+ read_files_pattern($1, yam_content_t, yam_content_t)
+ read_lnk_files_pattern($1, yam_content_t, yam_content_t)
')
diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te
index 71e5d7b..70a5ab8 100644
--- a/policy/modules/apps/yam.te
+++ b/policy/modules/apps/yam.te
@@ -1,5 +1,5 @@
-policy_module(yam,1.2.0)
+policy_module(yam, 1.2.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(yam,1.2.0)
type yam_t alias yam_crond_t;
type yam_exec_t;
-application_domain(yam_t,yam_exec_t)
+application_domain(yam_t, yam_exec_t)
type yam_content_t;
files_mountpoint(yam_content_t)
@@ -38,15 +38,15 @@ allow yam_t self:msg { send receive };
allow yam_t self:tcp_socket create_socket_perms;
# Update the content being managed by yam.
-manage_dirs_pattern(yam_t,yam_content_t,yam_content_t)
-manage_files_pattern(yam_t,yam_content_t,yam_content_t)
-manage_lnk_files_pattern(yam_t,yam_content_t,yam_content_t)
+manage_dirs_pattern(yam_t, yam_content_t, yam_content_t)
+manage_files_pattern(yam_t, yam_content_t, yam_content_t)
+manage_lnk_files_pattern(yam_t, yam_content_t, yam_content_t)
allow yam_t yam_etc_t:file { getattr read };
files_search_etc(yam_t)
-manage_files_pattern(yam_t,yam_tmp_t,yam_tmp_t)
-manage_dirs_pattern(yam_t,yam_tmp_t,yam_tmp_t)
+manage_files_pattern(yam_t, yam_tmp_t, yam_tmp_t)
+manage_dirs_pattern(yam_t, yam_tmp_t, yam_tmp_t)
files_tmp_filetrans(yam_t, yam_tmp_t, { file dir })
kernel_read_kernel_sysctls(yam_t)
@@ -109,7 +109,7 @@ userdom_search_all_users_home_dirs(yam_t)
apache_search_sys_content(yam_t)
optional_policy(`
- cron_system_entry(yam_t,yam_exec_t)
+ cron_system_entry(yam_t, yam_exec_t)
')
optional_policy(`
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index b2a5773..777dc49 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -104,7 +104,7 @@ interface(`corecmd_shell_entry_type',`
type shell_exec_t;
')
- domain_entry_file($1,shell_exec_t)
+ domain_entry_file($1, shell_exec_t)
')
########################################
@@ -122,7 +122,7 @@ interface(`corecmd_search_bin',`
type bin_t;
')
- search_dirs_pattern($1,bin_t,bin_t)
+ search_dirs_pattern($1, bin_t, bin_t)
')
########################################
@@ -158,7 +158,7 @@ interface(`corecmd_list_bin',`
type bin_t;
')
- list_dirs_pattern($1,bin_t,bin_t)
+ list_dirs_pattern($1, bin_t, bin_t)
')
########################################
@@ -194,7 +194,7 @@ interface(`corecmd_getattr_bin_files',`
type bin_t;
')
- getattr_files_pattern($1,bin_t,bin_t)
+ getattr_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -231,7 +231,7 @@ interface(`corecmd_read_bin_files',`
type bin_t;
')
- read_files_pattern($1,bin_t,bin_t)
+ read_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -249,7 +249,7 @@ interface(`corecmd_read_bin_symlinks',`
type bin_t;
')
- read_lnk_files_pattern($1,bin_t,bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -267,7 +267,7 @@ interface(`corecmd_read_bin_pipes',`
type bin_t;
')
- read_fifo_files_pattern($1,bin_t,bin_t)
+ read_fifo_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -285,7 +285,7 @@ interface(`corecmd_read_bin_sockets',`
type bin_t;
')
- read_sock_files_pattern($1,bin_t,bin_t)
+ read_sock_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -304,9 +304,9 @@ interface(`corecmd_exec_bin',`
type bin_t;
')
- read_lnk_files_pattern($1,bin_t,bin_t)
- list_dirs_pattern($1,bin_t,bin_t)
- can_exec($1,bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ list_dirs_pattern($1, bin_t, bin_t)
+ can_exec($1, bin_t)
')
########################################
@@ -324,7 +324,7 @@ interface(`corecmd_manage_bin_files',`
type bin_t;
')
- manage_files_pattern($1,bin_t,bin_t)
+ manage_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -342,7 +342,7 @@ interface(`corecmd_relabel_bin_files',`
type bin_t;
')
- relabel_files_pattern($1,bin_t,bin_t)
+ relabel_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -405,8 +405,8 @@ interface(`corecmd_bin_spec_domtrans',`
type bin_t;
')
- read_lnk_files_pattern($1,bin_t,bin_t)
- domain_transition_pattern($1,bin_t,$2)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ domain_transition_pattern($1, bin_t, $2)
')
########################################
@@ -704,7 +704,7 @@ interface(`corecmd_mmap_sbin_files',`
##
#
interface(`corecmd_sbin_domtrans',`
- corecmd_bin_domtrans($1,$2)
+ corecmd_bin_domtrans($1, $2)
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_domtrans() instead.')
')
@@ -745,7 +745,7 @@ interface(`corecmd_sbin_domtrans',`
##
#
interface(`corecmd_sbin_spec_domtrans',`
- corecmd_bin_spec_domtrans($1,$2)
+ corecmd_bin_spec_domtrans($1, $2)
refpolicywarn(`$0() has been deprecated, please use corecmd_bin_spec_domtrans() instead.')
')
@@ -764,8 +764,8 @@ interface(`corecmd_check_exec_shell',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1,bin_t,bin_t)
- read_lnk_files_pattern($1,bin_t,bin_t)
+ list_dirs_pattern($1, bin_t, bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
allow $1 shell_exec_t:file execute;
')
@@ -784,9 +784,9 @@ interface(`corecmd_exec_shell',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1,bin_t,bin_t)
- read_lnk_files_pattern($1,bin_t,bin_t)
- can_exec($1,shell_exec_t)
+ list_dirs_pattern($1, bin_t, bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ can_exec($1, shell_exec_t)
')
########################################
@@ -838,9 +838,9 @@ interface(`corecmd_shell_spec_domtrans',`
type bin_t, shell_exec_t;
')
- list_dirs_pattern($1,bin_t,bin_t)
- read_lnk_files_pattern($1,bin_t,bin_t)
- domain_transition_pattern($1,shell_exec_t,$2)
+ list_dirs_pattern($1, bin_t, bin_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ domain_transition_pattern($1, shell_exec_t, $2)
')
########################################
@@ -873,7 +873,7 @@ interface(`corecmd_shell_domtrans',`
type shell_exec_t;
')
- corecmd_shell_spec_domtrans($1,$2)
+ corecmd_shell_spec_domtrans($1, $2)
type_transition $1 shell_exec_t:process $2;
')
@@ -892,8 +892,8 @@ interface(`corecmd_exec_chroot',`
type chroot_exec_t;
')
- read_lnk_files_pattern($1,bin_t,bin_t)
- can_exec($1,chroot_exec_t)
+ read_lnk_files_pattern($1, bin_t, bin_t)
+ can_exec($1, chroot_exec_t)
')
########################################
@@ -914,7 +914,7 @@ interface(`corecmd_getattr_all_executables',`
')
allow $1 bin_t:dir list_dir_perms;
- getattr_files_pattern($1,bin_t,exec_type)
+ getattr_files_pattern($1, bin_t, exec_type)
')
########################################
@@ -934,9 +934,9 @@ interface(`corecmd_exec_all_executables',`
type bin_t;
')
- can_exec($1,exec_type)
- list_dirs_pattern($1,bin_t,bin_t)
- read_lnk_files_pattern($1,bin_t,exec_type)
+ can_exec($1, exec_type)
+ list_dirs_pattern($1, bin_t, bin_t)
+ read_lnk_files_pattern($1, bin_t, exec_type)
')
########################################
@@ -974,8 +974,8 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
- manage_files_pattern($1,bin_t,exec_type)
- manage_lnk_files_pattern($1,bin_t,bin_t)
+ manage_files_pattern($1, bin_t, exec_type)
+ manage_lnk_files_pattern($1, bin_t, bin_t)
')
########################################
@@ -995,7 +995,7 @@ interface(`corecmd_relabel_all_executables',`
type bin_t;
')
- relabel_files_pattern($1,bin_t,exec_type)
+ relabel_files_pattern($1, bin_t, exec_type)
')
########################################
@@ -1014,5 +1014,5 @@ interface(`corecmd_mmap_all_executables',`
type bin_t;
')
- mmap_files_pattern($1,bin_t,exec_type)
+ mmap_files_pattern($1, bin_t, exec_type)
')
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 3951c51..a740b04 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -63,11 +63,11 @@ interface(`dev_relabel_all_dev_nodes',`
type device_t;
')
- relabelfrom_dirs_pattern($1,device_t,device_node)
- relabelfrom_files_pattern($1,device_t,device_node)
- relabelfrom_lnk_files_pattern($1,device_t,device_node)
- relabelfrom_fifo_files_pattern($1,device_t,device_node)
- relabelfrom_sock_files_pattern($1,device_t,device_node)
+ relabelfrom_dirs_pattern($1, device_t, device_node)
+ relabelfrom_files_pattern($1, device_t, device_node)
+ relabelfrom_lnk_files_pattern($1, device_t, device_node)
+ relabelfrom_fifo_files_pattern($1, device_t, device_node)
+ relabelfrom_sock_files_pattern($1, device_t, device_node)
relabel_blk_files_pattern($1,device_t,{ device_t device_node })
relabel_chr_files_pattern($1,device_t,{ device_t device_node })
')
@@ -88,8 +88,8 @@ interface(`dev_list_all_dev_nodes',`
')
- list_dirs_pattern($1,device_t,device_t)
- read_lnk_files_pattern($1,device_t,device_t)
+ list_dirs_pattern($1, device_t, device_t)
+ read_lnk_files_pattern($1, device_t, device_t)
')
########################################
@@ -107,7 +107,7 @@ interface(`dev_setattr_generic_dirs',`
type device_t;
')
- setattr_dirs_pattern($1,device_t,device_t)
+ setattr_dirs_pattern($1, device_t, device_t)
')
########################################
@@ -162,7 +162,7 @@ interface(`dev_create_generic_dirs',`
')
allow $1 device_t:dir list_dir_perms;
- create_dirs_pattern($1,device_t,device_t)
+ create_dirs_pattern($1, device_t, device_t)
')
########################################
@@ -180,7 +180,7 @@ interface(`dev_delete_generic_dirs',`
type device_t;
')
- delete_dirs_pattern($1,device_t,device_t)
+ delete_dirs_pattern($1, device_t, device_t)
')
########################################
@@ -198,7 +198,7 @@ interface(`dev_relabel_generic_dev_dirs',`
type device_t;
')
- relabel_dirs_pattern($1,device_t,device_t)
+ relabel_dirs_pattern($1, device_t, device_t)
')
########################################
@@ -234,7 +234,7 @@ interface(`dev_rw_generic_files',`
type device_t;
')
- rw_files_pattern($1,device_t,device_t)
+ rw_files_pattern($1, device_t, device_t)
')
########################################
@@ -252,7 +252,7 @@ interface(`dev_delete_generic_files',`
type device_t;
')
- delete_files_pattern($1,device_t,device_t)
+ delete_files_pattern($1, device_t, device_t)
')
########################################
@@ -270,7 +270,7 @@ interface(`dev_manage_generic_files',`
type device_t;
')
- manage_files_pattern($1,device_t,device_t)
+ manage_files_pattern($1, device_t, device_t)
')
########################################
@@ -306,7 +306,7 @@ interface(`dev_getattr_generic_blk_files',`
type device_t;
')
- getattr_blk_files_pattern($1,device_t,device_t)
+ getattr_blk_files_pattern($1, device_t, device_t)
')
########################################
@@ -360,7 +360,7 @@ interface(`dev_create_generic_chr_files',`
type device_t;
')
- create_chr_files_pattern($1,device_t,device_t)
+ create_chr_files_pattern($1, device_t, device_t)
')
########################################
@@ -378,7 +378,7 @@ interface(`dev_getattr_generic_chr_files',`
type device_t;
')
- getattr_chr_files_pattern($1,device_t,device_t)
+ getattr_chr_files_pattern($1, device_t, device_t)
')
########################################
@@ -451,7 +451,7 @@ interface(`dev_create_generic_symlinks',`
type device_t;
')
- create_lnk_files_pattern($1,device_t,device_t)
+ create_lnk_files_pattern($1, device_t, device_t)
')
########################################
@@ -469,7 +469,7 @@ interface(`dev_delete_generic_symlinks',`
type device_t;
')
- delete_lnk_files_pattern($1,device_t,device_t)
+ delete_lnk_files_pattern($1, device_t, device_t)
')
########################################
@@ -487,7 +487,7 @@ interface(`dev_manage_generic_symlinks',`
type device_t;
')
- manage_lnk_files_pattern($1,device_t,device_t)
+ manage_lnk_files_pattern($1, device_t, device_t)
')
########################################
@@ -505,7 +505,7 @@ interface(`dev_relabel_generic_symlinks',`
type device_t;
')
- relabel_lnk_files_pattern($1,device_t,device_t)
+ relabel_lnk_files_pattern($1, device_t, device_t)
')
########################################
@@ -524,14 +524,14 @@ interface(`dev_manage_all_dev_nodes',`
type device_t;
')
- manage_dirs_pattern($1,device_t,device_t)
- manage_sock_files_pattern($1,device_t,device_t)
- manage_lnk_files_pattern($1,device_t,device_t)
- manage_chr_files_pattern($1,device_t,{ device_t device_node })
- manage_blk_files_pattern($1,device_t,{ device_t device_node })
- relabel_dirs_pattern($1,device_t,device_t)
- relabel_chr_files_pattern($1,device_t,{ device_t device_node })
- relabel_blk_files_pattern($1,device_t,{ device_t device_node })
+ manage_dirs_pattern($1, device_t, device_t)
+ manage_sock_files_pattern($1, device_t, device_t)
+ manage_lnk_files_pattern($1, device_t, device_t)
+ manage_chr_files_pattern($1, device_t, { device_t device_node })
+ manage_blk_files_pattern($1, device_t, { device_t device_node })
+ relabel_dirs_pattern($1, device_t, device_t)
+ relabel_chr_files_pattern($1, device_t, { device_t device_node })
+ relabel_blk_files_pattern($1, device_t, { device_t device_node })
# these next rules are to satisfy assertions broken by the above lines.
# the permissions hopefully can be cut back a lot
@@ -577,7 +577,7 @@ interface(`dev_manage_generic_blk_files',`
type device_t;
')
- manage_blk_files_pattern($1,device_t,device_t)
+ manage_blk_files_pattern($1, device_t, device_t)
')
########################################
@@ -595,7 +595,7 @@ interface(`dev_manage_generic_chr_files',`
type device_t;
')
- manage_chr_files_pattern($1,device_t,device_t)
+ manage_chr_files_pattern($1, device_t, device_t)
')
########################################
@@ -625,7 +625,7 @@ interface(`dev_filetrans',`
type device_t;
')
- filetrans_pattern($1,device_t,$2,$3)
+ filetrans_pattern($1, device_t, $2, $3)
fs_associate_tmpfs($2)
files_associate_tmp($2)
@@ -648,7 +648,7 @@ interface(`dev_getattr_all_blk_files',`
type device_t;
')
- getattr_blk_files_pattern($1,device_t,device_node)
+ getattr_blk_files_pattern($1, device_t, device_node)
')
########################################
@@ -685,7 +685,7 @@ interface(`dev_getattr_all_chr_files',`
attribute device_node;
')
- getattr_chr_files_pattern($1,device_t,device_node)
+ getattr_chr_files_pattern($1, device_t, device_node)
')
########################################
@@ -722,7 +722,7 @@ interface(`dev_setattr_all_blk_files',`
attribute device_node;
')
- setattr_blk_files_pattern($1,device_t,device_node)
+ setattr_blk_files_pattern($1, device_t, device_node)
')
########################################
@@ -741,7 +741,7 @@ interface(`dev_setattr_all_chr_files',`
attribute device_node;
')
- setattr_chr_files_pattern($1,device_t,device_node)
+ setattr_chr_files_pattern($1, device_t, device_node)
')
########################################
@@ -795,7 +795,7 @@ interface(`dev_create_all_blk_files',`
attribute device_node;
')
- create_blk_files_pattern($1,device_t,device_node)
+ create_blk_files_pattern($1, device_t, device_node)
')
########################################
@@ -813,7 +813,7 @@ interface(`dev_create_all_chr_files',`
attribute device_node;
')
- create_chr_files_pattern($1,device_t,device_node)
+ create_chr_files_pattern($1, device_t, device_node)
')
########################################
@@ -831,7 +831,7 @@ interface(`dev_delete_all_blk_files',`
attribute device_node;
')
- delete_blk_files_pattern($1,device_t,device_node)
+ delete_blk_files_pattern($1, device_t, device_node)
')
########################################
@@ -849,7 +849,7 @@ interface(`dev_delete_all_chr_files',`
attribute device_node;
')
- delete_chr_files_pattern($1,device_t,device_node)
+ delete_chr_files_pattern($1, device_t, device_node)
')
########################################
@@ -867,7 +867,7 @@ interface(`dev_rename_all_blk_files',`
attribute device_node;
')
- rename_blk_files_pattern($1,device_t,device_node)
+ rename_blk_files_pattern($1, device_t, device_node)
')
########################################
@@ -885,7 +885,7 @@ interface(`dev_rename_all_chr_files',`
attribute device_node;
')
- rename_chr_files_pattern($1,device_t,device_node)
+ rename_chr_files_pattern($1, device_t, device_node)
')
########################################
@@ -903,7 +903,7 @@ interface(`dev_manage_all_blk_files',`
attribute device_node;
')
- manage_blk_files_pattern($1,device_t,device_node)
+ manage_blk_files_pattern($1, device_t, device_node)
# these next rules are to satisfy assertions broken by the above lines.
storage_raw_read_fixed_disk($1)
@@ -927,7 +927,7 @@ interface(`dev_manage_all_chr_files',`
attribute device_node, memory_raw_read, memory_raw_write;
')
- manage_chr_files_pattern($1,device_t,device_node)
+ manage_chr_files_pattern($1, device_t, device_node)
typeattribute $1 memory_raw_read, memory_raw_write;
')
@@ -947,7 +947,7 @@ interface(`dev_getattr_agp_dev',`
type device_t, agp_device_t;
')
- getattr_chr_files_pattern($1,device_t,agp_device_t)
+ getattr_chr_files_pattern($1, device_t, agp_device_t)
')
########################################
@@ -965,7 +965,7 @@ interface(`dev_rw_agp',`
type device_t, agp_device_t;
')
- rw_chr_files_pattern($1,device_t,agp_device_t)
+ rw_chr_files_pattern($1, device_t, agp_device_t)
')
########################################
@@ -983,7 +983,7 @@ interface(`dev_getattr_apm_bios_dev',`
type device_t, apm_bios_t;
')
- getattr_chr_files_pattern($1,device_t,apm_bios_t)
+ getattr_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
@@ -1020,7 +1020,7 @@ interface(`dev_setattr_apm_bios_dev',`
type device_t, apm_bios_t;
')
- setattr_chr_files_pattern($1,device_t,apm_bios_t)
+ setattr_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
@@ -1057,7 +1057,7 @@ interface(`dev_rw_apm_bios',`
type device_t, apm_bios_t;
')
- rw_chr_files_pattern($1,device_t,apm_bios_t)
+ rw_chr_files_pattern($1, device_t, apm_bios_t)
')
########################################
@@ -1075,7 +1075,7 @@ interface(`dev_rw_cardmgr',`
type cardmgr_dev_t;
')
- rw_chr_files_pattern($1,device_t,cardmgr_dev_t)
+ rw_chr_files_pattern($1, device_t, cardmgr_dev_t)
')
########################################
@@ -1113,8 +1113,8 @@ interface(`dev_manage_cardmgr_dev',`
type device_t, cardmgr_dev_t;
')
- manage_chr_files_pattern($1,device_t,cardmgr_dev_t)
- manage_blk_files_pattern($1,device_t,cardmgr_dev_t)
+ manage_chr_files_pattern($1, device_t, cardmgr_dev_t)
+ manage_blk_files_pattern($1, device_t, cardmgr_dev_t)
')
########################################
@@ -1134,9 +1134,9 @@ interface(`dev_create_cardmgr_dev',`
type device_t, cardmgr_dev_t;
')
- create_chr_files_pattern($1,device_t,cardmgr_dev_t)
- create_blk_files_pattern($1,device_t,cardmgr_dev_t)
- filetrans_pattern($1,device_t,cardmgr_dev_t,{ chr_file blk_file })
+ create_chr_files_pattern($1, device_t, cardmgr_dev_t)
+ create_blk_files_pattern($1, device_t, cardmgr_dev_t)
+ filetrans_pattern($1,device_t, cardmgr_dev_t, { chr_file blk_file })
')
########################################
@@ -1155,7 +1155,7 @@ interface(`dev_getattr_cpu_dev',`
type device_t, cpu_device_t;
')
- getattr_chr_files_pattern($1,device_t,cpu_device_t)
+ getattr_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
@@ -1173,7 +1173,7 @@ interface(`dev_read_cpuid',`
type device_t, cpu_device_t;
')
- read_chr_files_pattern($1,device_t,cpu_device_t)
+ read_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
@@ -1192,7 +1192,7 @@ interface(`dev_rw_cpu_microcode',`
type device_t, cpu_device_t;
')
- rw_chr_files_pattern($1,device_t,cpu_device_t)
+ rw_chr_files_pattern($1, device_t, cpu_device_t)
')
########################################
@@ -1210,7 +1210,7 @@ interface(`dev_rw_crypto',`
type device_t, crypt_device_t;
')
- rw_chr_files_pattern($1,device_t,crypt_device_t)
+ rw_chr_files_pattern($1, device_t, crypt_device_t)
')
########################################
@@ -1228,7 +1228,7 @@ interface(`dev_getattr_dri_dev',`
type device_t, dri_device_t;
')
- getattr_chr_files_pattern($1,device_t,dri_device_t)
+ getattr_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
@@ -1246,7 +1246,7 @@ interface(`dev_setattr_dri_dev',`
type device_t, dri_device_t;
')
- setattr_chr_files_pattern($1,device_t,dri_device_t)
+ setattr_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
@@ -1264,7 +1264,7 @@ interface(`dev_rw_dri',`
type device_t, dri_device_t;
')
- rw_chr_files_pattern($1,device_t,dri_device_t)
+ rw_chr_files_pattern($1, device_t, dri_device_t)
')
########################################
@@ -1300,8 +1300,8 @@ interface(`dev_manage_dri_dev',`
type device_t, dri_device_t;
')
- manage_chr_files_pattern($1,device_t,dri_device_t)
- filetrans_pattern($1,device_t,dri_device_t,chr_file)
+ manage_chr_files_pattern($1, device_t, dri_device_t)
+ filetrans_pattern($1, device_t, dri_device_t, chr_file)
')
########################################
@@ -1357,7 +1357,7 @@ interface(`dev_read_input',`
type device_t, event_device_t;
')
- read_chr_files_pattern($1,device_t,event_device_t)
+ read_chr_files_pattern($1, device_t, event_device_t)
')
########################################
@@ -1375,7 +1375,7 @@ interface(`dev_rw_input_dev',`
type device_t, event_device_t;
')
- rw_chr_files_pattern($1,device_t,event_device_t)
+ rw_chr_files_pattern($1, device_t, event_device_t)
')
########################################
@@ -1393,7 +1393,7 @@ interface(`dev_getattr_framebuffer_dev',`
type device_t, framebuf_device_t;
')
- getattr_chr_files_pattern($1,device_t,framebuf_device_t)
+ getattr_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
@@ -1411,7 +1411,7 @@ interface(`dev_setattr_framebuffer_dev',`
type device_t, framebuf_device_t;
')
- setattr_chr_files_pattern($1,device_t,framebuf_device_t)
+ setattr_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
@@ -1448,7 +1448,7 @@ interface(`dev_read_framebuffer',`
type framebuf_device_t;
')
- read_chr_files_pattern($1,device_t,framebuf_device_t)
+ read_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
@@ -1484,7 +1484,7 @@ interface(`dev_write_framebuffer',`
type device_t, framebuf_device_t;
')
- write_chr_files_pattern($1,device_t,framebuf_device_t)
+ write_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
@@ -1502,7 +1502,7 @@ interface(`dev_rw_framebuffer',`
type device_t, framebuf_device_t;
')
- rw_chr_files_pattern($1,device_t,framebuf_device_t)
+ rw_chr_files_pattern($1, device_t, framebuf_device_t)
')
########################################
@@ -1520,7 +1520,7 @@ interface(`dev_read_lvm_control',`
type device_t, lvm_control_t;
')
- read_chr_files_pattern($1,device_t,lvm_control_t)
+ read_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
@@ -1538,7 +1538,7 @@ interface(`dev_rw_lvm_control',`
type device_t, lvm_control_t;
')
- rw_chr_files_pattern($1,device_t,lvm_control_t)
+ rw_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
@@ -1556,7 +1556,7 @@ interface(`dev_delete_lvm_control_dev',`
type device_t, lvm_control_t;
')
- delete_chr_files_pattern($1,device_t,lvm_control_t)
+ delete_chr_files_pattern($1, device_t, lvm_control_t)
')
########################################
@@ -1593,7 +1593,7 @@ interface(`dev_read_raw_memory',`
attribute memory_raw_read;
')
- read_chr_files_pattern($1,device_t,memory_device_t)
+ read_chr_files_pattern($1, device_t, memory_device_t)
allow $1 self:capability sys_rawio;
typeattribute $1 memory_raw_read;
@@ -1615,7 +1615,7 @@ interface(`dev_write_raw_memory',`
attribute memory_raw_write;
')
- write_chr_files_pattern($1,device_t,memory_device_t)
+ write_chr_files_pattern($1, device_t, memory_device_t)
allow $1 self:capability sys_rawio;
typeattribute $1 memory_raw_write;
@@ -1674,7 +1674,7 @@ interface(`dev_getattr_misc_dev',`
type device_t, misc_device_t;
')
- getattr_chr_files_pattern($1,device_t,misc_device_t)
+ getattr_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
@@ -1711,7 +1711,7 @@ interface(`dev_setattr_misc_dev',`
type device_t, misc_device_t;
')
- setattr_chr_files_pattern($1,device_t,misc_device_t)
+ setattr_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
@@ -1748,7 +1748,7 @@ interface(`dev_read_misc',`
type device_t, misc_device_t;
')
- read_chr_files_pattern($1,device_t,misc_device_t)
+ read_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
@@ -1766,7 +1766,7 @@ interface(`dev_write_misc',`
type device_t, misc_device_t;
')
- write_chr_files_pattern($1,device_t,misc_device_t)
+ write_chr_files_pattern($1, device_t, misc_device_t)
')
########################################
@@ -1802,7 +1802,7 @@ interface(`dev_getattr_mouse_dev',`
type device_t, mouse_device_t;
')
- getattr_chr_files_pattern($1,device_t,mouse_device_t)
+ getattr_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
@@ -1820,7 +1820,7 @@ interface(`dev_setattr_mouse_dev',`
type device_t, mouse_device_t;
')
- setattr_chr_files_pattern($1,device_t,mouse_device_t)
+ setattr_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
@@ -1838,7 +1838,7 @@ interface(`dev_read_mouse',`
type device_t, mouse_device_t;
')
- read_chr_files_pattern($1,device_t,mouse_device_t)
+ read_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
@@ -1856,7 +1856,7 @@ interface(`dev_rw_mouse',`
type device_t, mouse_device_t;
')
- rw_chr_files_pattern($1,device_t,mouse_device_t)
+ rw_chr_files_pattern($1, device_t, mouse_device_t)
')
########################################
@@ -1875,8 +1875,8 @@ interface(`dev_getattr_mtrr_dev',`
type device_t, mtrr_device_t;
')
- getattr_files_pattern($1,device_t,mtrr_device_t)
- getattr_chr_files_pattern($1,device_t,mtrr_device_t)
+ getattr_files_pattern($1, device_t, mtrr_device_t)
+ getattr_chr_files_pattern($1, device_t, mtrr_device_t)
')
########################################
@@ -1952,8 +1952,8 @@ interface(`dev_rw_mtrr',`
type device_t, mtrr_device_t;
')
- rw_files_pattern($1,device_t,mtrr_device_t)
- rw_chr_files_pattern($1,device_t,mtrr_device_t)
+ rw_files_pattern($1, device_t, mtrr_device_t)
+ rw_chr_files_pattern($1, device_t, mtrr_device_t)
')
########################################
@@ -1971,7 +1971,7 @@ interface(`dev_rw_null',`
type device_t, null_device_t;
')
- rw_chr_files_pattern($1,device_t,null_device_t)
+ rw_chr_files_pattern($1, device_t, null_device_t)
')
########################################
@@ -1989,7 +1989,7 @@ interface(`dev_create_null_dev',`
type device_t, null_device_t;
')
- create_chr_files_pattern($1,device_t,null_device_t)
+ create_chr_files_pattern($1, device_t, null_device_t)
')
########################################
@@ -2026,7 +2026,7 @@ interface(`dev_rw_nvram',`
type nvram_device_t;
')
- rw_chr_files_pattern($1,device_t,nvram_device_t)
+ rw_chr_files_pattern($1, device_t, nvram_device_t)
')
########################################
@@ -2044,7 +2044,7 @@ interface(`dev_getattr_printer_dev',`
type device_t, printer_device_t;
')
- getattr_chr_files_pattern($1,device_t,printer_device_t)
+ getattr_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
@@ -2062,7 +2062,7 @@ interface(`dev_setattr_printer_dev',`
type device_t, printer_device_t;
')
- setattr_chr_files_pattern($1,device_t,printer_device_t)
+ setattr_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
@@ -2081,7 +2081,7 @@ interface(`dev_append_printer',`
type device_t, printer_device_t;
')
- append_chr_files_pattern($1,device_t,printer_device_t)
+ append_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
@@ -2099,7 +2099,7 @@ interface(`dev_rw_printer',`
type device_t, printer_device_t;
')
- rw_chr_files_pattern($1,device_t,printer_device_t)
+ rw_chr_files_pattern($1, device_t, printer_device_t)
')
########################################
@@ -2118,7 +2118,7 @@ interface(`dev_read_rand',`
type device_t, random_device_t;
')
- read_chr_files_pattern($1,device_t,random_device_t)
+ read_chr_files_pattern($1, device_t, random_device_t)
')
########################################
@@ -2157,7 +2157,7 @@ interface(`dev_write_rand',`
type device_t, random_device_t;
')
- write_chr_files_pattern($1,device_t,random_device_t)
+ write_chr_files_pattern($1, device_t, random_device_t)
')
########################################
@@ -2175,7 +2175,7 @@ interface(`dev_read_realtime_clock',`
type device_t, clock_device_t;
')
- read_chr_files_pattern($1,device_t,clock_device_t)
+ read_chr_files_pattern($1, device_t, clock_device_t)
')
########################################
@@ -2193,7 +2193,7 @@ interface(`dev_write_realtime_clock',`
type device_t, clock_device_t;
')
- write_chr_files_pattern($1,device_t,clock_device_t)
+ write_chr_files_pattern($1, device_t, clock_device_t)
allow $1 clock_device_t:chr_file setattr;
')
@@ -2228,7 +2228,7 @@ interface(`dev_getattr_scanner_dev',`
type device_t, scanner_device_t;
')
- getattr_chr_files_pattern($1,device_t,scanner_device_t)
+ getattr_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
@@ -2265,7 +2265,7 @@ interface(`dev_setattr_scanner_dev',`
type device_t, scanner_device_t;
')
- setattr_chr_files_pattern($1,device_t,scanner_device_t)
+ setattr_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
@@ -2302,7 +2302,7 @@ interface(`dev_rw_scanner',`
type device_t, scanner_device_t;
')
- rw_chr_files_pattern($1,device_t,scanner_device_t)
+ rw_chr_files_pattern($1, device_t, scanner_device_t)
')
########################################
@@ -2320,7 +2320,7 @@ interface(`dev_getattr_sound_dev',`
type device_t, sound_device_t;
')
- getattr_chr_files_pattern($1,device_t,sound_device_t)
+ getattr_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2338,7 +2338,7 @@ interface(`dev_setattr_sound_dev',`
type device_t, sound_device_t;
')
- setattr_chr_files_pattern($1,device_t,sound_device_t)
+ setattr_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2356,7 +2356,7 @@ interface(`dev_read_sound',`
type device_t, sound_device_t;
')
- read_chr_files_pattern($1,device_t,sound_device_t)
+ read_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2374,7 +2374,7 @@ interface(`dev_write_sound',`
type device_t, sound_device_t;
')
- write_chr_files_pattern($1,device_t,sound_device_t)
+ write_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2392,7 +2392,7 @@ interface(`dev_read_sound_mixer',`
type device_t, sound_device_t;
')
- read_chr_files_pattern($1,device_t,sound_device_t)
+ read_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2410,7 +2410,7 @@ interface(`dev_write_sound_mixer',`
type device_t, sound_device_t;
')
- write_chr_files_pattern($1,device_t,sound_device_t)
+ write_chr_files_pattern($1, device_t, sound_device_t)
')
########################################
@@ -2428,7 +2428,7 @@ interface(`dev_getattr_power_mgmt_dev',`
type device_t, power_device_t;
')
- getattr_chr_files_pattern($1,device_t,power_device_t)
+ getattr_chr_files_pattern($1, device_t, power_device_t)
')
########################################
@@ -2446,7 +2446,7 @@ interface(`dev_setattr_power_mgmt_dev',`
type device_t, power_device_t;
')
- setattr_chr_files_pattern($1,device_t,power_device_t)
+ setattr_chr_files_pattern($1, device_t, power_device_t)
')
########################################
@@ -2464,7 +2464,7 @@ interface(`dev_rw_power_management',`
type device_t, power_device_t;
')
- rw_chr_files_pattern($1,device_t,power_device_t)
+ rw_chr_files_pattern($1, device_t, power_device_t)
')
########################################
@@ -2520,7 +2520,7 @@ interface(`dev_rw_smartcard',`
type device_t, smartcard_device_t;
')
- rw_chr_files_pattern($1,device_t,smartcard_device_t)
+ rw_chr_files_pattern($1, device_t, smartcard_device_t)
')
########################################
@@ -2538,7 +2538,7 @@ interface(`dev_manage_smartcard',`
type device_t, smartcard_device_t;
')
- manage_chr_files_pattern($1,device_t,smartcard_device_t)
+ manage_chr_files_pattern($1, device_t, smartcard_device_t)
')
########################################
@@ -2574,7 +2574,7 @@ interface(`dev_search_sysfs',`
type sysfs_t;
')
- search_dirs_pattern($1,sysfs_t,sysfs_t)
+ search_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
@@ -2610,7 +2610,7 @@ interface(`dev_list_sysfs',`
type sysfs_t;
')
- list_dirs_pattern($1,sysfs_t,sysfs_t)
+ list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
@@ -2647,10 +2647,10 @@ interface(`dev_read_sysfs',`
type sysfs_t;
')
- read_files_pattern($1,sysfs_t,sysfs_t)
- read_lnk_files_pattern($1,sysfs_t,sysfs_t)
+ read_files_pattern($1, sysfs_t, sysfs_t)
+ read_lnk_files_pattern($1, sysfs_t, sysfs_t)
- list_dirs_pattern($1,sysfs_t,sysfs_t)
+ list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
@@ -2669,10 +2669,10 @@ interface(`dev_rw_sysfs',`
')
- rw_files_pattern($1,sysfs_t,sysfs_t)
- read_lnk_files_pattern($1,sysfs_t,sysfs_t)
+ rw_files_pattern($1, sysfs_t, sysfs_t)
+ read_lnk_files_pattern($1, sysfs_t, sysfs_t)
- list_dirs_pattern($1,sysfs_t,sysfs_t)
+ list_dirs_pattern($1, sysfs_t, sysfs_t)
')
########################################
@@ -2690,7 +2690,7 @@ interface(`dev_read_urand',`
type device_t, urandom_device_t;
')
- read_chr_files_pattern($1,device_t,urandom_device_t)
+ read_chr_files_pattern($1, device_t, urandom_device_t)
')
########################################
@@ -2728,7 +2728,7 @@ interface(`dev_write_urand',`
type device_t, urandom_device_t;
')
- write_chr_files_pattern($1,device_t,urandom_device_t)
+ write_chr_files_pattern($1, device_t, urandom_device_t)
')
########################################
@@ -2746,7 +2746,7 @@ interface(`dev_getattr_generic_usb_dev',`
type usb_device_t;
')
- getattr_chr_files_pattern($1,device_t,usb_device_t)
+ getattr_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
@@ -2764,7 +2764,7 @@ interface(`dev_setattr_generic_usb_dev',`
type usb_device_t;
')
- setattr_chr_files_pattern($1,device_t,usb_device_t)
+ setattr_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
@@ -2782,7 +2782,7 @@ interface(`dev_rw_generic_usb_dev',`
type usb_device_t;
')
- rw_chr_files_pattern($1,device_t,usb_device_t)
+ rw_chr_files_pattern($1, device_t, usb_device_t)
')
########################################
@@ -2873,7 +2873,7 @@ interface(`dev_search_usbfs',`
type usbfs_t;
')
- search_dirs_pattern($1,usbfs_t,usbfs_t)
+ search_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
@@ -2891,10 +2891,10 @@ interface(`dev_list_usbfs',`
type usbfs_t;
')
- read_lnk_files_pattern($1,usbfs_t,usbfs_t)
- getattr_files_pattern($1,usbfs_t,usbfs_t)
+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+ getattr_files_pattern($1, usbfs_t, usbfs_t)
- list_dirs_pattern($1,usbfs_t,usbfs_t)
+ list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
@@ -2912,8 +2912,8 @@ interface(`dev_setattr_usbfs_files',`
type usbfs_t;
')
- setattr_files_pattern($1,usbfs_t,usbfs_t)
- list_dirs_pattern($1,usbfs_t,usbfs_t)
+ setattr_files_pattern($1, usbfs_t, usbfs_t)
+ list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
@@ -2932,9 +2932,9 @@ interface(`dev_read_usbfs',`
type usbfs_t;
')
- read_files_pattern($1,usbfs_t,usbfs_t)
- read_lnk_files_pattern($1,usbfs_t,usbfs_t)
- list_dirs_pattern($1,usbfs_t,usbfs_t)
+ read_files_pattern($1, usbfs_t, usbfs_t)
+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
+ list_dirs_pattern($1, usbfs_t, usbfs_t)
')
########################################
@@ -2952,9 +2952,9 @@ interface(`dev_rw_usbfs',`
type usbfs_t;
')
- list_dirs_pattern($1,usbfs_t,usbfs_t)
- rw_files_pattern($1,usbfs_t,usbfs_t)
- read_lnk_files_pattern($1,usbfs_t,usbfs_t)
+ list_dirs_pattern($1, usbfs_t, usbfs_t)
+ rw_files_pattern($1, usbfs_t, usbfs_t)
+ read_lnk_files_pattern($1, usbfs_t, usbfs_t)
')
########################################
@@ -2972,7 +2972,7 @@ interface(`dev_getattr_video_dev',`
type device_t, v4l_device_t;
')
- getattr_chr_files_pattern($1,device_t,v4l_device_t)
+ getattr_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
@@ -3009,7 +3009,7 @@ interface(`dev_setattr_video_dev',`
type device_t, v4l_device_t;
')
- setattr_chr_files_pattern($1,device_t,v4l_device_t)
+ setattr_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
@@ -3046,7 +3046,7 @@ interface(`dev_read_video_dev',`
type device_t, v4l_device_t;
')
- read_chr_files_pattern($1,device_t,v4l_device_t)
+ read_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
@@ -3064,7 +3064,7 @@ interface(`dev_write_video_dev',`
type device_t, v4l_device_t;
')
- write_chr_files_pattern($1,device_t,v4l_device_t)
+ write_chr_files_pattern($1, device_t, v4l_device_t)
')
########################################
@@ -3082,7 +3082,7 @@ interface(`dev_rw_vmware',`
type device_t, vmware_device_t;
')
- rw_chr_files_pattern($1,device_t,vmware_device_t)
+ rw_chr_files_pattern($1, device_t, vmware_device_t)
')
########################################
@@ -3119,7 +3119,7 @@ interface(`dev_write_watchdog',`
type device_t, watchdog_device_t;
')
- write_chr_files_pattern($1,device_t,watchdog_device_t)
+ write_chr_files_pattern($1, device_t, watchdog_device_t)
')
########################################
@@ -3137,7 +3137,7 @@ interface(`dev_rw_xen',`
type device_t, xen_device_t;
')
- rw_chr_files_pattern($1,device_t,xen_device_t)
+ rw_chr_files_pattern($1, device_t, xen_device_t)
')
########################################
@@ -3155,7 +3155,7 @@ interface(`dev_manage_xen',`
type device_t, xen_device_t;
')
- manage_chr_files_pattern($1,device_t,xen_device_t)
+ manage_chr_files_pattern($1, device_t, xen_device_t)
')
########################################
@@ -3174,7 +3174,7 @@ interface(`dev_filetrans_xen',`
type device_t, xen_device_t;
')
- filetrans_pattern($1,device_t,xen_device_t,chr_file)
+ filetrans_pattern($1, device_t, xen_device_t, chr_file)
')
########################################
@@ -3192,7 +3192,7 @@ interface(`dev_getattr_xserver_misc_dev',`
type device_t, xserver_misc_device_t;
')
- getattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
+ getattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
@@ -3210,7 +3210,7 @@ interface(`dev_setattr_xserver_misc_dev',`
type device_t, xserver_misc_device_t;
')
- setattr_chr_files_pattern($1,device_t,xserver_misc_device_t)
+ setattr_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
@@ -3228,7 +3228,7 @@ interface(`dev_rw_xserver_misc',`
type device_t, xserver_misc_device_t;
')
- rw_chr_files_pattern($1,device_t,xserver_misc_device_t)
+ rw_chr_files_pattern($1, device_t, xserver_misc_device_t)
')
########################################
@@ -3246,7 +3246,7 @@ interface(`dev_rw_zero',`
type device_t, zero_device_t;
')
- rw_chr_files_pattern($1,device_t,zero_device_t)
+ rw_chr_files_pattern($1, device_t, zero_device_t)
')
########################################
@@ -3302,7 +3302,7 @@ interface(`dev_create_zero_dev',`
type device_t, zero_device_t;
')
- create_chr_files_pattern($1,device_t,zero_device_t)
+ create_chr_files_pattern($1, device_t, zero_device_t)
')
########################################
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 317f1d0..0de9187 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,5 +1,5 @@
-policy_module(devices,1.7.0)
+policy_module(devices, 1.7.0)
########################################
#
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 46ca635..526df99 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -565,8 +565,8 @@ interface(`domain_read_all_domains_state',`
kernel_search_proc($1)
allow $1 domain:dir list_dir_perms;
- read_files_pattern($1,domain,domain)
- read_lnk_files_pattern($1,domain,domain)
+ read_files_pattern($1, domain, domain)
+ read_lnk_files_pattern($1, domain, domain)
')
########################################
@@ -624,8 +624,8 @@ interface(`domain_read_confined_domains_state',`
kernel_search_proc($1)
allow $1 { domain -unconfined_domain_type }:dir list_dir_perms;
- read_files_pattern($1,{ domain -unconfined_domain_type },{ domain -unconfined_domain_type })
- read_lnk_files_pattern($1,{ domain -unconfined_domain_type },{ domain -unconfined_domain_type })
+ read_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
+ read_lnk_files_pattern($1, { domain -unconfined_domain_type }, { domain -unconfined_domain_type })
dontaudit $1 unconfined_domain_type:dir search_dir_perms;
dontaudit $1 unconfined_domain_type:file { getattr read };
@@ -1130,7 +1130,7 @@ interface(`domain_exec_all_entry_files',`
attribute entry_type;
')
- can_exec($1,entry_type)
+ can_exec($1, entry_type)
')
########################################
@@ -1231,7 +1231,7 @@ interface(`domain_entry_file_spec_domtrans',`
attribute entry_type;
')
- domain_transition_pattern($1,entry_type,$2)
+ domain_transition_pattern($1, entry_type, $2)
')
########################################
@@ -1274,7 +1274,7 @@ interface(`domain_all_recvfrom_all_domains',`
attribute domain;
')
- corenet_all_recvfrom_labeled($1,domain)
+ corenet_all_recvfrom_labeled($1, domain)
')
########################################
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 5362a27..be71a93 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -1,5 +1,5 @@
-policy_module(domain,1.5.0)
+policy_module(domain, 1.5.0)
########################################
#
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 9978ceb..4ba7e8a 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -282,7 +282,7 @@ interface(`files_getattr_all_dirs',`
attribute file_type;
')
- getattr_dirs_pattern($1,file_type,file_type)
+ getattr_dirs_pattern($1, file_type, file_type)
')
########################################
@@ -319,7 +319,7 @@ interface(`files_list_non_security',`
attribute file_type, security_file_type;
')
- list_dirs_pattern($1,{ file_type -security_file_type },{ file_type -security_file_type })
+ list_dirs_pattern($1, { file_type -security_file_type }, { file_type -security_file_type })
')
########################################
@@ -394,8 +394,8 @@ interface(`files_getattr_all_files',`
attribute file_type;
')
- getattr_files_pattern($1,file_type,file_type)
- getattr_lnk_files_pattern($1,file_type,file_type)
+ getattr_files_pattern($1, file_type, file_type)
+ getattr_lnk_files_pattern($1, file_type, file_type)
')
########################################
@@ -452,7 +452,7 @@ interface(`files_read_all_files',`
')
allow $1 file_type:dir list_dir_perms;
- read_files_pattern($1,file_type,file_type)
+ read_files_pattern($1, file_type, file_type)
optional_policy(`
auth_read_shadow($1)
@@ -501,8 +501,8 @@ interface(`files_read_non_security_files',`
attribute file_type, security_file_type;
')
- read_files_pattern($1,{ file_type -security_file_type },{ file_type -security_file_type })
- read_lnk_files_pattern($1,{ file_type -security_file_type },{ file_type -security_file_type })
+ read_files_pattern($1, { file_type -security_file_type }, { file_type -security_file_type })
+ read_lnk_files_pattern($1, { file_type -security_file_type }, { file_type -security_file_type })
')
########################################
@@ -552,7 +552,7 @@ interface(`files_read_all_files_except',`
attribute file_type;
')
- read_files_pattern($1,{ file_type $2 },{ file_type $2 })
+ read_files_pattern($1, { file_type $2 }, { file_type $2 })
')
########################################
@@ -577,7 +577,7 @@ interface(`files_read_all_symlinks_except',`
attribute file_type;
')
- read_lnk_files_pattern($1,{ file_type $2 },{ file_type $2 })
+ read_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
')
########################################
@@ -595,7 +595,7 @@ interface(`files_getattr_all_symlinks',`
attribute file_type;
')
- getattr_lnk_files_pattern($1,file_type,file_type)
+ getattr_lnk_files_pattern($1, file_type, file_type)
')
########################################
@@ -709,7 +709,7 @@ interface(`files_read_all_symlinks',`
')
allow $1 file_type:dir list_dir_perms;
- read_lnk_files_pattern($1,file_type,file_type)
+ read_lnk_files_pattern($1, file_type, file_type)
')
########################################
@@ -728,7 +728,7 @@ interface(`files_getattr_all_pipes',`
')
allow $1 file_type:dir list_dir_perms;
- getattr_fifo_files_pattern($1,file_type,file_type)
+ getattr_fifo_files_pattern($1, file_type, file_type)
')
########################################
@@ -785,7 +785,7 @@ interface(`files_getattr_all_sockets',`
')
allow $1 file_type:dir list_dir_perms;
- getattr_sock_files_pattern($1,file_type,file_type)
+ getattr_sock_files_pattern($1, file_type, file_type)
')
########################################
@@ -841,7 +841,7 @@ interface(`files_read_all_blk_files',`
attribute file_type;
')
- read_blk_files_pattern($1,file_type,file_type)
+ read_blk_files_pattern($1, file_type, file_type)
')
########################################
@@ -859,7 +859,7 @@ interface(`files_read_all_chr_files',`
attribute file_type;
')
- read_chr_files_pattern($1,file_type,file_type)
+ read_chr_files_pattern($1, file_type, file_type)
')
########################################
@@ -886,13 +886,13 @@ interface(`files_relabel_all_files',`
')
allow $1 { file_type $2 }:dir list_dir_perms;
- relabel_dirs_pattern($1,{ file_type $2 },{ file_type $2 })
- relabel_files_pattern($1,{ file_type $2 },{ file_type $2 })
- relabel_lnk_files_pattern($1,{ file_type $2 },{ file_type $2 })
- relabel_fifo_files_pattern($1,{ file_type $2 },{ file_type $2 })
- relabel_sock_files_pattern($1,{ file_type $2 },{ file_type $2 })
- relabelfrom_blk_files_pattern($1,{ file_type $2 },{ file_type $2 })
- relabelfrom_chr_files_pattern($1,{ file_type $2 },{ file_type $2 })
+ relabel_dirs_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabelfrom_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabelfrom_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
# satisfy the assertions:
seutil_relabelto_bin_policy($1)
@@ -921,11 +921,11 @@ interface(`files_manage_all_files',`
attribute file_type;
')
- manage_dirs_pattern($1,{ file_type $2 },{ file_type $2 })
- manage_files_pattern($1,{ file_type $2 },{ file_type $2 })
- manage_lnk_files_pattern($1,{ file_type $2 },{ file_type $2 })
- manage_fifo_files_pattern($1,{ file_type $2 },{ file_type $2 })
- manage_sock_files_pattern($1,{ file_type $2 },{ file_type $2 })
+ manage_dirs_pattern($1, { file_type $2 }, { file_type $2 })
+ manage_files_pattern($1, { file_type $2 }, { file_type $2 })
+ manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+ manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+ manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
# satisfy the assertions:
seutil_create_bin_policy($1)
@@ -1186,7 +1186,7 @@ interface(`files_root_filetrans',`
type root_t;
')
- filetrans_pattern($1,root_t,$2,$3)
+ filetrans_pattern($1, root_t, $2, $3)
')
########################################
@@ -1399,7 +1399,7 @@ interface(`files_boot_filetrans',`
type boot_t;
')
- filetrans_pattern($1,boot_t,$2,$3)
+ filetrans_pattern($1, boot_t, $2, $3)
')
########################################
@@ -1419,7 +1419,7 @@ interface(`files_manage_boot_files',`
type boot_t;
')
- manage_files_pattern($1,boot_t,boot_t)
+ manage_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1437,7 +1437,7 @@ interface(`files_relabelfrom_boot_files',`
type boot_t;
')
- relabelfrom_files_pattern($1,boot_t,boot_t)
+ relabelfrom_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1457,7 +1457,7 @@ interface(`files_rw_boot_symlinks',`
')
allow $1 boot_t:dir list_dir_perms;
- rw_lnk_files_pattern($1,boot_t,boot_t)
+ rw_lnk_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1476,7 +1476,7 @@ interface(`files_manage_boot_symlinks',`
type boot_t;
')
- manage_lnk_files_pattern($1,boot_t,boot_t)
+ manage_lnk_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1495,8 +1495,8 @@ interface(`files_read_kernel_img',`
')
allow $1 boot_t:dir list_dir_perms;
- read_files_pattern($1,boot_t,boot_t)
- read_lnk_files_pattern($1,boot_t,boot_t)
+ read_files_pattern($1, boot_t, boot_t)
+ read_lnk_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1516,7 +1516,7 @@ interface(`files_create_kernel_img',`
')
allow $1 boot_t:file { getattr read write create };
- manage_lnk_files_pattern($1,boot_t,boot_t)
+ manage_lnk_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1535,7 +1535,7 @@ interface(`files_delete_kernel',`
type boot_t;
')
- delete_files_pattern($1,boot_t,boot_t)
+ delete_files_pattern($1, boot_t, boot_t)
')
########################################
@@ -1846,8 +1846,8 @@ interface(`files_read_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
- read_files_pattern($1,etc_t,etc_t)
- read_lnk_files_pattern($1,etc_t,etc_t)
+ read_files_pattern($1, etc_t, etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -1885,8 +1885,8 @@ interface(`files_rw_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
- rw_files_pattern($1,etc_t,etc_t)
- read_lnk_files_pattern($1,etc_t,etc_t)
+ rw_files_pattern($1, etc_t, etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -1906,8 +1906,8 @@ interface(`files_manage_etc_files',`
type etc_t;
')
- manage_files_pattern($1,etc_t,etc_t)
- read_lnk_files_pattern($1,etc_t,etc_t)
+ manage_files_pattern($1, etc_t, etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -1925,7 +1925,7 @@ interface(`files_delete_etc_files',`
type etc_t;
')
- delete_files_pattern($1,etc_t,etc_t)
+ delete_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -1944,8 +1944,8 @@ interface(`files_exec_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
- read_lnk_files_pattern($1,etc_t,etc_t)
- exec_files_pattern($1,etc_t,etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
+ exec_files_pattern($1, etc_t, etc_t)
')
#######################################
@@ -1964,7 +1964,7 @@ interface(`files_relabel_etc_files',`
')
allow $1 etc_t:dir list_dir_perms;
- relabel_files_pattern($1,etc_t,etc_t)
+ relabel_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -1982,7 +1982,7 @@ interface(`files_read_etc_symlinks',`
type etc_t;
')
- read_lnk_files_pattern($1,etc_t,etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -2000,7 +2000,7 @@ interface(`files_manage_etc_symlinks',`
type etc_t;
')
- manage_lnk_files_pattern($1,etc_t,etc_t)
+ manage_lnk_files_pattern($1, etc_t, etc_t)
')
########################################
@@ -2029,7 +2029,7 @@ interface(`files_etc_filetrans',`
type etc_t;
')
- filetrans_pattern($1,etc_t,$2,$3)
+ filetrans_pattern($1, etc_t, $2, $3)
')
########################################
@@ -2076,8 +2076,8 @@ interface(`files_read_etc_runtime_files',`
')
allow $1 etc_t:dir list_dir_perms;
- read_files_pattern($1,etc_t,etc_runtime_t)
- read_lnk_files_pattern($1,etc_t,etc_runtime_t)
+ read_files_pattern($1, etc_t, etc_runtime_t)
+ read_lnk_files_pattern($1, etc_t, etc_runtime_t)
')
########################################
@@ -2118,7 +2118,7 @@ interface(`files_rw_etc_runtime_files',`
')
allow $1 etc_t:dir list_dir_perms;
- rw_files_pattern($1,etc_t,etc_runtime_t)
+ rw_files_pattern($1, etc_t, etc_runtime_t)
')
########################################
@@ -2139,7 +2139,7 @@ interface(`files_manage_etc_runtime_files',`
type etc_t, etc_runtime_t;
')
- manage_files_pattern($1,{ etc_t etc_runtime_t },etc_runtime_t)
+ manage_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
########################################
@@ -2163,7 +2163,7 @@ interface(`files_etc_filetrans_etc_runtime',`
type etc_t, etc_runtime_t;
')
- filetrans_pattern($1,etc_t,etc_runtime_t,$2)
+ filetrans_pattern($1, etc_t, etc_runtime_t, $2)
')
########################################
@@ -2532,7 +2532,7 @@ interface(`files_home_filetrans',`
type home_root_t;
')
- filetrans_pattern($1,home_root_t,$2,$3)
+ filetrans_pattern($1, home_root_t, $2, $3)
')
########################################
@@ -2589,11 +2589,11 @@ interface(`files_manage_lost_found',`
type lost_found_t;
')
- manage_dirs_pattern($1,lost_found_t,lost_found_t)
- manage_files_pattern($1,lost_found_t,lost_found_t)
- manage_lnk_files_pattern($1,lost_found_t,lost_found_t)
- manage_fifo_files_pattern($1,lost_found_t,lost_found_t)
- manage_sock_files_pattern($1,lost_found_t,lost_found_t)
+ manage_dirs_pattern($1, lost_found_t, lost_found_t)
+ manage_files_pattern($1, lost_found_t, lost_found_t)
+ manage_lnk_files_pattern($1, lost_found_t, lost_found_t)
+ manage_fifo_files_pattern($1, lost_found_t, lost_found_t)
+ manage_sock_files_pattern($1, lost_found_t, lost_found_t)
')
########################################
@@ -2702,7 +2702,7 @@ interface(`files_manage_mnt_files',`
type mnt_t;
')
- manage_files_pattern($1,mnt_t,mnt_t)
+ manage_files_pattern($1, mnt_t, mnt_t)
')
########################################
@@ -2720,7 +2720,7 @@ interface(`files_manage_mnt_symlinks',`
type mnt_t;
')
- manage_lnk_files_pattern($1,mnt_t,mnt_t)
+ manage_lnk_files_pattern($1, mnt_t, mnt_t)
')
########################################
@@ -2774,7 +2774,7 @@ interface(`files_getattr_kernel_modules',`
type modules_object_t;
')
- getattr_files_pattern($1,modules_object_t,modules_object_t)
+ getattr_files_pattern($1, modules_object_t, modules_object_t)
')
########################################
@@ -2793,8 +2793,8 @@ interface(`files_read_kernel_modules',`
')
allow $1 modules_object_t:dir list_dir_perms;
- read_files_pattern($1,modules_object_t,modules_object_t)
- read_lnk_files_pattern($1,modules_object_t,modules_object_t)
+ read_files_pattern($1, modules_object_t, modules_object_t)
+ read_lnk_files_pattern($1, modules_object_t, modules_object_t)
')
########################################
@@ -2813,7 +2813,7 @@ interface(`files_write_kernel_modules',`
')
allow $1 modules_object_t:dir list_dir_perms;
- write_files_pattern($1,modules_object_t,modules_object_t)
+ write_files_pattern($1, modules_object_t, modules_object_t)
')
########################################
@@ -2831,7 +2831,7 @@ interface(`files_delete_kernel_modules',`
type modules_object_t;
')
- delete_files_pattern($1,modules_object_t,modules_object_t)
+ delete_files_pattern($1, modules_object_t, modules_object_t)
')
########################################
@@ -2851,7 +2851,7 @@ interface(`files_manage_kernel_modules',`
type modules_object_t;
')
- manage_files_pattern($1,modules_object_t,modules_object_t)
+ manage_files_pattern($1, modules_object_t, modules_object_t)
')
########################################
@@ -2869,7 +2869,7 @@ interface(`files_relabel_kernel_modules',`
type modules_object_t;
')
- relabel_files_pattern($1,modules_object_t,modules_object_t)
+ relabel_files_pattern($1, modules_object_t, modules_object_t)
allow $1 modules_object_t:dir list_dir_perms;
')
@@ -2899,7 +2899,7 @@ interface(`files_kernel_modules_filetrans',`
type modules_object_t;
')
- filetrans_pattern($1,modules_object_t,$2,$3)
+ filetrans_pattern($1, modules_object_t, $2, $3)
')
########################################
@@ -3139,7 +3139,7 @@ interface(`files_read_generic_tmp_files',`
type tmp_t;
')
- read_files_pattern($1,tmp_t,tmp_t)
+ read_files_pattern($1, tmp_t, tmp_t)
')
########################################
@@ -3157,7 +3157,7 @@ interface(`files_manage_generic_tmp_dirs',`
type tmp_t;
')
- manage_dirs_pattern($1,tmp_t,tmp_t)
+ manage_dirs_pattern($1, tmp_t, tmp_t)
')
########################################
@@ -3175,7 +3175,7 @@ interface(`files_manage_generic_tmp_files',`
type tmp_t;
')
- manage_files_pattern($1,tmp_t,tmp_t)
+ manage_files_pattern($1, tmp_t, tmp_t)
')
########################################
@@ -3193,7 +3193,7 @@ interface(`files_read_generic_tmp_symlinks',`
type tmp_t;
')
- read_lnk_files_pattern($1,tmp_t,tmp_t)
+ read_lnk_files_pattern($1, tmp_t, tmp_t)
')
########################################
@@ -3211,7 +3211,7 @@ interface(`files_rw_generic_tmp_sockets',`
type tmp_t;
')
- rw_sock_files_pattern($1,tmp_t,tmp_t)
+ rw_sock_files_pattern($1, tmp_t, tmp_t)
')
########################################
@@ -3304,7 +3304,7 @@ interface(`files_read_all_tmp_files',`
attribute tmpfile;
')
- read_files_pattern($1,tmpfile,tmpfile)
+ read_files_pattern($1, tmpfile, tmpfile)
')
########################################
@@ -3333,7 +3333,7 @@ interface(`files_tmp_filetrans',`
type tmp_t;
')
- filetrans_pattern($1,tmp_t,$2,$3)
+ filetrans_pattern($1, tmp_t, $2, $3)
')
########################################
@@ -3352,11 +3352,11 @@ interface(`files_purge_tmp',`
')
allow $1 tmpfile:dir list_dir_perms;
- delete_dirs_pattern($1,tmpfile,tmpfile)
- delete_files_pattern($1,tmpfile,tmpfile)
- delete_lnk_files_pattern($1,tmpfile,tmpfile)
- delete_fifo_files_pattern($1,tmpfile,tmpfile)
- delete_sock_files_pattern($1,tmpfile,tmpfile)
+ delete_dirs_pattern($1, tmpfile, tmpfile)
+ delete_files_pattern($1, tmpfile, tmpfile)
+ delete_lnk_files_pattern($1, tmpfile, tmpfile)
+ delete_fifo_files_pattern($1, tmpfile, tmpfile)
+ delete_sock_files_pattern($1, tmpfile, tmpfile)
')
########################################
@@ -3447,7 +3447,7 @@ interface(`files_getattr_usr_files',`
type usr_t;
')
- getattr_files_pattern($1,usr_t,usr_t)
+ getattr_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3466,8 +3466,8 @@ interface(`files_read_usr_files',`
')
allow $1 usr_t:dir list_dir_perms;
- read_files_pattern($1,usr_t,usr_t)
- read_lnk_files_pattern($1,usr_t,usr_t)
+ read_files_pattern($1, usr_t, usr_t)
+ read_lnk_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3486,8 +3486,8 @@ interface(`files_exec_usr_files',`
')
allow $1 usr_t:dir list_dir_perms;
- exec_files_pattern($1,usr_t,usr_t)
- read_lnk_files_pattern($1,usr_t,usr_t)
+ exec_files_pattern($1, usr_t, usr_t)
+ read_lnk_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3523,7 +3523,7 @@ interface(`files_relabelto_usr_files',`
type usr_t;
')
- relabelto_files_pattern($1,usr_t,usr_t)
+ relabelto_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3541,7 +3541,7 @@ interface(`files_relabelfrom_usr_files',`
type usr_t;
')
- relabelfrom_files_pattern($1,usr_t,usr_t)
+ relabelfrom_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3559,7 +3559,7 @@ interface(`files_read_usr_symlinks',`
type usr_t;
')
- read_lnk_files_pattern($1,usr_t,usr_t)
+ read_lnk_files_pattern($1, usr_t, usr_t)
')
########################################
@@ -3587,7 +3587,7 @@ interface(`files_usr_filetrans',`
type usr_t;
')
- filetrans_pattern($1,usr_t,$2,$3)
+ filetrans_pattern($1, usr_t, $2, $3)
')
########################################
@@ -3623,10 +3623,10 @@ interface(`files_getattr_usr_src_files',`
type usr_t, src_t;
')
- getattr_files_pattern($1,src_t,src_t)
+ getattr_files_pattern($1, src_t, src_t)
# /usr/src/linux symlink:
- read_lnk_files_pattern($1,usr_t,src_t)
+ read_lnk_files_pattern($1, usr_t, src_t)
')
########################################
@@ -3645,8 +3645,8 @@ interface(`files_read_usr_src_files',`
')
allow $1 usr_t:dir search_dir_perms;
- read_files_pattern($1,{ usr_t src_t },src_t)
- read_lnk_files_pattern($1,{ usr_t src_t },src_t)
+ read_files_pattern($1, { usr_t src_t }, src_t)
+ read_lnk_files_pattern($1, { usr_t src_t }, src_t)
allow $1 src_t:dir list_dir_perms;
')
@@ -3665,9 +3665,9 @@ interface(`files_exec_usr_src_files',`
type usr_t, src_t;
')
- list_dirs_pattern($1,usr_t,src_t)
- exec_files_pattern($1,src_t,src_t)
- read_lnk_files_pattern($1,src_t,src_t)
+ list_dirs_pattern($1, usr_t, src_t)
+ exec_files_pattern($1, src_t, src_t)
+ read_lnk_files_pattern($1, src_t, src_t)
')
########################################
@@ -3705,7 +3705,7 @@ interface(`files_read_kernel_symbol_table',`
')
allow $1 boot_t:dir list_dir_perms;
- read_files_pattern($1,boot_t,system_map_t)
+ read_files_pattern($1, boot_t, system_map_t)
')
########################################
@@ -3724,7 +3724,7 @@ interface(`files_delete_kernel_symbol_table',`
')
allow $1 boot_t:dir list_dir_perms;
- delete_files_pattern($1,boot_t,system_map_t)
+ delete_files_pattern($1, boot_t, system_map_t)
')
########################################
@@ -3852,7 +3852,7 @@ interface(`files_read_var_files',`
type var_t;
')
- read_files_pattern($1,var_t,var_t)
+ read_files_pattern($1, var_t, var_t)
')
########################################
@@ -3870,7 +3870,7 @@ interface(`files_rw_var_files',`
type var_t;
')
- rw_files_pattern($1,var_t,var_t)
+ rw_files_pattern($1, var_t, var_t)
')
########################################
@@ -3888,7 +3888,7 @@ interface(`files_manage_var_files',`
type var_t;
')
- manage_files_pattern($1,var_t,var_t)
+ manage_files_pattern($1, var_t, var_t)
')
########################################
@@ -3906,7 +3906,7 @@ interface(`files_read_var_symlinks',`
type var_t;
')
- read_lnk_files_pattern($1,var_t,var_t)
+ read_lnk_files_pattern($1, var_t, var_t)
')
########################################
@@ -3925,7 +3925,7 @@ interface(`files_manage_var_symlinks',`
type var_t;
')
- manage_lnk_files_pattern($1,var_t,var_t)
+ manage_lnk_files_pattern($1, var_t, var_t)
')
########################################
@@ -3953,7 +3953,7 @@ interface(`files_var_filetrans',`
type var_t;
')
- filetrans_pattern($1,var_t,$2,$3)
+ filetrans_pattern($1, var_t, $2, $3)
')
########################################
@@ -3971,7 +3971,7 @@ interface(`files_getattr_var_lib_dirs',`
type var_t, var_lib_t;
')
- getattr_dirs_pattern($1,var_t,var_lib_t)
+ getattr_dirs_pattern($1, var_t, var_lib_t)
')
########################################
@@ -3989,7 +3989,7 @@ interface(`files_search_var_lib',`
type var_t, var_lib_t;
')
- search_dirs_pattern($1,var_t,var_lib_t)
+ search_dirs_pattern($1, var_t, var_lib_t)
')
########################################
@@ -4007,7 +4007,7 @@ interface(`files_list_var_lib',`
type var_t, var_lib_t;
')
- list_dirs_pattern($1,var_t,var_lib_t)
+ list_dirs_pattern($1, var_t, var_lib_t)
')
########################################
@@ -4036,7 +4036,7 @@ interface(`files_var_lib_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1,var_lib_t,$2,$3)
+ filetrans_pattern($1, var_lib_t, $2, $3)
')
########################################
@@ -4055,7 +4055,7 @@ interface(`files_read_var_lib_files',`
')
allow $1 var_lib_t:dir list_dir_perms;
- read_files_pattern($1,{ var_t var_lib_t },var_lib_t)
+ read_files_pattern($1, { var_t var_lib_t }, var_lib_t)
')
########################################
@@ -4073,7 +4073,7 @@ interface(`files_read_var_lib_symlinks',`
type var_t, var_lib_t;
')
- read_lnk_files_pattern($1,{ var_t var_lib_t },var_lib_t)
+ read_lnk_files_pattern($1, { var_t var_lib_t }, var_lib_t)
')
# cjp: the next two interfaces really need to be fixed
@@ -4096,7 +4096,7 @@ interface(`files_manage_urandom_seed',`
')
allow $1 var_t:dir search_dir_perms;
- manage_files_pattern($1,var_lib_t,var_lib_t)
+ manage_files_pattern($1, var_lib_t, var_lib_t)
')
########################################
@@ -4116,7 +4116,7 @@ interface(`files_manage_mounttab',`
')
allow $1 var_t:dir search_dir_perms;
- manage_files_pattern($1,var_lib_t,var_lib_t)
+ manage_files_pattern($1, var_lib_t, var_lib_t)
')
########################################
@@ -4134,7 +4134,7 @@ interface(`files_search_locks',`
type var_t, var_lock_t;
')
- search_dirs_pattern($1,var_t,var_lock_t)
+ search_dirs_pattern($1, var_t, var_lock_t)
')
########################################
@@ -4172,7 +4172,7 @@ interface(`files_rw_lock_dirs',`
type var_t, var_lock_t;
')
- rw_dirs_pattern($1,var_t,var_lock_t)
+ rw_dirs_pattern($1, var_t, var_lock_t)
')
########################################
@@ -4192,7 +4192,7 @@ interface(`files_getattr_generic_locks',`
allow $1 var_t:dir search_dir_perms;
allow $1 var_lock_t:dir list_dir_perms;
- getattr_files_pattern($1,var_lock_t,var_lock_t)
+ getattr_files_pattern($1, var_lock_t, var_lock_t)
')
########################################
@@ -4212,7 +4212,7 @@ interface(`files_manage_generic_locks',`
')
allow $1 var_t:dir search_dir_perms;
- manage_files_pattern($1,var_lock_t,var_lock_t)
+ manage_files_pattern($1, var_lock_t, var_lock_t)
')
########################################
@@ -4233,7 +4233,7 @@ interface(`files_delete_all_locks',`
')
allow $1 var_t:dir search_dir_perms;
- delete_files_pattern($1,lockfile,lockfile)
+ delete_files_pattern($1, lockfile, lockfile)
')
########################################
@@ -4254,8 +4254,8 @@ interface(`files_read_all_locks',`
allow $1 { var_t var_lock_t }:dir search_dir_perms;
allow $1 lockfile:dir list_dir_perms;
- read_files_pattern($1,lockfile,lockfile)
- read_lnk_files_pattern($1,lockfile,lockfile)
+ read_files_pattern($1, lockfile, lockfile)
+ read_lnk_files_pattern($1, lockfile, lockfile)
')
########################################
@@ -4285,7 +4285,7 @@ interface(`files_lock_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1,var_lock_t,$2,$3)
+ filetrans_pattern($1, var_lock_t, $2, $3)
')
########################################
@@ -4323,7 +4323,7 @@ interface(`files_search_pids',`
type var_t, var_run_t;
')
- search_dirs_pattern($1,var_t,var_run_t)
+ search_dirs_pattern($1, var_t, var_run_t)
')
########################################
@@ -4361,7 +4361,7 @@ interface(`files_list_pids',`
type var_t, var_run_t;
')
- list_dirs_pattern($1,var_t,var_run_t)
+ list_dirs_pattern($1, var_t, var_run_t)
')
########################################
@@ -4391,7 +4391,7 @@ interface(`files_pid_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1,var_run_t,$2,$3)
+ filetrans_pattern($1, var_run_t, $2, $3)
')
########################################
@@ -4410,7 +4410,7 @@ interface(`files_rw_generic_pids',`
')
list_dirs_pattern($1,var_t,var_run_t)
- rw_files_pattern($1,var_run_t,var_run_t)
+ rw_files_pattern($1, var_run_t, var_run_t)
')
########################################
@@ -4466,8 +4466,8 @@ interface(`files_read_all_pids',`
type var_t;
')
- list_dirs_pattern($1,var_t,pidfile)
- read_files_pattern($1,pidfile,pidfile)
+ list_dirs_pattern($1, var_t, pidfile)
+ read_files_pattern($1, pidfile, pidfile)
')
########################################
@@ -4509,9 +4509,9 @@ interface(`files_delete_all_pids',`
allow $1 var_t:dir search_dir_perms;
allow $1 var_run_t:dir rmdir;
allow $1 var_run_t:lnk_file delete_lnk_file_perms;
- delete_files_pattern($1,pidfile,pidfile)
- delete_fifo_files_pattern($1,pidfile,pidfile)
- delete_sock_files_pattern($1,pidfile,{ pidfile var_run_t })
+ delete_files_pattern($1, pidfile, pidfile)
+ delete_fifo_files_pattern($1, pidfile, pidfile)
+ delete_sock_files_pattern($1, pidfile, { pidfile var_run_t })
')
########################################
@@ -4531,7 +4531,7 @@ interface(`files_delete_all_pid_dirs',`
')
allow $1 var_t:dir search_dir_perms;
- delete_dirs_pattern($1,pidfile,pidfile)
+ delete_dirs_pattern($1, pidfile, pidfile)
')
########################################
@@ -4550,7 +4550,7 @@ interface(`files_search_spool',`
type var_t, var_spool_t;
')
- search_dirs_pattern($1,var_t,var_spool_t)
+ search_dirs_pattern($1, var_t, var_spool_t)
')
########################################
@@ -4588,7 +4588,7 @@ interface(`files_list_spool',`
type var_t, var_spool_t;
')
- list_dirs_pattern($1,var_t,var_spool_t)
+ list_dirs_pattern($1, var_t, var_spool_t)
')
########################################
@@ -4608,7 +4608,7 @@ interface(`files_manage_generic_spool_dirs',`
')
allow $1 var_t:dir search_dir_perms;
- manage_dirs_pattern($1,var_spool_t,var_spool_t)
+ manage_dirs_pattern($1, var_spool_t, var_spool_t)
')
########################################
@@ -4626,8 +4626,8 @@ interface(`files_read_generic_spool',`
type var_t, var_spool_t;
')
- list_dirs_pattern($1,var_t,var_spool_t)
- read_files_pattern($1,var_spool_t,var_spool_t)
+ list_dirs_pattern($1, var_t, var_spool_t)
+ read_files_pattern($1, var_spool_t, var_spool_t)
')
########################################
@@ -4647,7 +4647,7 @@ interface(`files_manage_generic_spool',`
')
allow $1 var_t:dir search_dir_perms;
- manage_files_pattern($1,var_spool_t,var_spool_t)
+ manage_files_pattern($1, var_spool_t, var_spool_t)
')
########################################
@@ -4678,7 +4678,7 @@ interface(`files_spool_filetrans',`
')
allow $1 var_t:dir search_dir_perms;
- filetrans_pattern($1,var_spool_t,$2,$3)
+ filetrans_pattern($1, var_spool_t, $2, $3)
')
########################################
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index e620ef1..c4e3058 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
-policy_module(files,1.9.0)
+policy_module(files, 1.9.0)
########################################
#
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 1bca75e..9a04426 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -285,7 +285,7 @@ interface(`fs_read_anon_inodefs_files',`
')
- read_files_pattern($1,anon_inodefs_t,anon_inodefs_t)
+ read_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
')
########################################
@@ -305,7 +305,7 @@ interface(`fs_rw_anon_inodefs_files',`
')
- rw_files_pattern($1,anon_inodefs_t,anon_inodefs_t)
+ rw_files_pattern($1, anon_inodefs_t, anon_inodefs_t)
')
########################################
@@ -457,7 +457,7 @@ interface(`fs_manage_autofs_symlinks',`
type autofs_t;
')
- manage_lnk_files_pattern($1,autofs_t,autofs_t)
+ manage_lnk_files_pattern($1, autofs_t, autofs_t)
')
########################################
@@ -512,7 +512,7 @@ interface(`fs_register_binary_executable_type',`
type binfmt_misc_fs_t;
')
- rw_files_pattern($1,binfmt_misc_fs_t,binfmt_misc_fs_t)
+ rw_files_pattern($1, binfmt_misc_fs_t, binfmt_misc_fs_t)
')
########################################
@@ -663,7 +663,7 @@ interface(`fs_read_cifs_files',`
')
allow $1 cifs_t:dir list_dir_perms;
- read_files_pattern($1,cifs_t,cifs_t)
+ read_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -737,7 +737,7 @@ interface(`fs_read_noxattr_fs_files',`
attribute noxattrfs;
')
- read_files_pattern($1,noxattrfs,noxattrfs)
+ read_files_pattern($1, noxattrfs, noxattrfs)
')
########################################
@@ -755,7 +755,7 @@ interface(`fs_manage_noxattr_fs_files',`
attribute noxattrfs;
')
- manage_files_pattern($1,noxattrfs,noxattrfs)
+ manage_files_pattern($1, noxattrfs, noxattrfs)
')
########################################
@@ -773,7 +773,7 @@ interface(`fs_read_noxattr_fs_symlinks',`
attribute noxattrfs;
')
- read_lnk_files_pattern($1,noxattrfs,noxattrfs)
+ read_lnk_files_pattern($1, noxattrfs, noxattrfs)
')
########################################
@@ -830,7 +830,7 @@ interface(`fs_read_cifs_symlinks',`
')
allow $1 cifs_t:dir list_dir_perms;
- read_lnk_files_pattern($1,cifs_t,cifs_t)
+ read_lnk_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -849,7 +849,7 @@ interface(`fs_read_cifs_named_pipes',`
type cifs_t;
')
- read_fifo_files_pattern($1,cifs_t,cifs_t)
+ read_fifo_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -868,7 +868,7 @@ interface(`fs_read_cifs_named_sockets',`
type cifs_t;
')
- read_sock_files_pattern($1,cifs_t,cifs_t)
+ read_sock_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -890,7 +890,7 @@ interface(`fs_exec_cifs_files',`
')
allow $1 cifs_t:dir list_dir_perms;
- exec_files_pattern($1,cifs_t,cifs_t)
+ exec_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -950,7 +950,7 @@ interface(`fs_manage_cifs_files',`
type cifs_t;
')
- manage_files_pattern($1,cifs_t,cifs_t)
+ manage_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -989,7 +989,7 @@ interface(`fs_manage_cifs_symlinks',`
type cifs_t;
')
- manage_lnk_files_pattern($1,cifs_t,cifs_t)
+ manage_lnk_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -1008,7 +1008,7 @@ interface(`fs_manage_cifs_named_pipes',`
type cifs_t;
')
- manage_fifo_files_pattern($1,cifs_t,cifs_t)
+ manage_fifo_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -1027,7 +1027,7 @@ interface(`fs_manage_cifs_named_sockets',`
type cifs_t;
')
- manage_sock_files_pattern($1,cifs_t,cifs_t)
+ manage_sock_files_pattern($1, cifs_t, cifs_t)
')
########################################
@@ -1071,7 +1071,7 @@ interface(`fs_cifs_domtrans',`
')
allow $1 cifs_t:dir search_dir_perms;
- domain_auto_transition_pattern($1,cifs_t,$2)
+ domain_auto_transition_pattern($1, cifs_t, $2)
')
########################################
@@ -1204,7 +1204,7 @@ interface(`fs_read_dos_files',`
type dosfs_t;
')
- read_files_pattern($1,dosfs_t,dosfs_t)
+ read_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
@@ -1223,7 +1223,7 @@ interface(`fs_manage_dos_files',`
type dosfs_t;
')
- manage_files_pattern($1,dosfs_t,dosfs_t)
+ manage_files_pattern($1, dosfs_t, dosfs_t)
')
########################################
@@ -1436,8 +1436,8 @@ interface(`fs_read_iso9660_files',`
')
allow $1 iso9660_t:dir list_dir_perms;
- read_files_pattern($1,iso9660_t,iso9660_t)
- read_lnk_files_pattern($1,iso9660_t,iso9660_t)
+ read_files_pattern($1, iso9660_t, iso9660_t)
+ read_lnk_files_pattern($1, iso9660_t, iso9660_t)
')
########################################
@@ -1586,7 +1586,7 @@ interface(`fs_read_nfs_files',`
')
allow $1 nfs_t:dir list_dir_perms;
- read_files_pattern($1,nfs_t,nfs_t)
+ read_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -1624,7 +1624,7 @@ interface(`fs_write_nfs_files',`
')
allow $1 nfs_t:dir list_dir_perms;
- write_files_pattern($1,nfs_t,nfs_t)
+ write_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -1644,7 +1644,7 @@ interface(`fs_exec_nfs_files',`
')
allow $1 nfs_t:dir list_dir_perms;
- exec_files_pattern($1,nfs_t,nfs_t)
+ exec_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -1682,7 +1682,7 @@ interface(`fs_read_nfs_symlinks',`
')
allow $1 nfs_t:dir list_dir_perms;
- read_lnk_files_pattern($1,nfs_t,nfs_t)
+ read_lnk_files_pattern($1, nfs_t, nfs_t)
')
#########################################
@@ -1700,7 +1700,7 @@ interface(`fs_read_nfs_named_sockets',`
type nfs_t;
')
- read_sock_files_pattern($1,nfs_t,nfs_t)
+ read_sock_files_pattern($1, nfs_t, nfs_t)
')
#########################################
@@ -1719,7 +1719,7 @@ interface(`fs_read_nfs_named_pipes',`
type nfs_t;
')
- read_fifo_files_pattern($1,nfs_t,nfs_t)
+ read_fifo_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -1810,7 +1810,7 @@ interface(`fs_read_removable_files',`
type removable_t;
')
- read_files_pattern($1,removable_t,removable_t)
+ read_files_pattern($1, removable_t, removable_t)
')
########################################
@@ -1846,7 +1846,7 @@ interface(`fs_read_removable_symlinks',`
type removable_t;
')
- read_lnk_files_pattern($1,removable_t,removable_t)
+ read_lnk_files_pattern($1, removable_t, removable_t)
')
########################################
@@ -1882,7 +1882,7 @@ interface(`fs_read_rpc_files',`
type rpc_pipefs_t;
')
- read_files_pattern($1,rpc_pipefs_t,rpc_pipefs_t)
+ read_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
')
########################################
@@ -1900,7 +1900,7 @@ interface(`fs_read_rpc_symlinks',`
type rpc_pipefs_t;
')
- read_lnk_files_pattern($1,rpc_pipefs_t,rpc_pipefs_t)
+ read_lnk_files_pattern($1, rpc_pipefs_t, rpc_pipefs_t)
')
########################################
@@ -1979,7 +1979,7 @@ interface(`fs_manage_nfs_files',`
type nfs_t;
')
- manage_files_pattern($1,nfs_t,nfs_t)
+ manage_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -2019,7 +2019,7 @@ interface(`fs_manage_nfs_symlinks',`
type nfs_t;
')
- manage_lnk_files_pattern($1,nfs_t,nfs_t)
+ manage_lnk_files_pattern($1, nfs_t, nfs_t)
')
#########################################
@@ -2038,7 +2038,7 @@ interface(`fs_manage_nfs_named_pipes',`
type nfs_t;
')
- manage_fifo_files_pattern($1,nfs_t,nfs_t)
+ manage_fifo_files_pattern($1, nfs_t, nfs_t)
')
#########################################
@@ -2057,7 +2057,7 @@ interface(`fs_manage_nfs_named_sockets',`
type nfs_t;
')
- manage_sock_files_pattern($1,nfs_t,nfs_t)
+ manage_sock_files_pattern($1, nfs_t, nfs_t)
')
########################################
@@ -2101,7 +2101,7 @@ interface(`fs_nfs_domtrans',`
')
allow $1 nfs_t:dir search_dir_perms;
- domain_auto_transition_pattern($1,nfs_t,$2)
+ domain_auto_transition_pattern($1, nfs_t, $2)
')
########################################
@@ -2211,7 +2211,7 @@ interface(`fs_rw_nfsd_fs',`
type nfsd_fs_t;
')
- rw_files_pattern($1,nfsd_fs_t,nfsd_fs_t)
+ rw_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
')
########################################
@@ -2412,7 +2412,7 @@ interface(`fs_manage_ramfs_files',`
type ramfs_t;
')
- manage_files_pattern($1,ramfs_t,ramfs_t)
+ manage_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2430,7 +2430,7 @@ interface(`fs_write_ramfs_pipes',`
type ramfs_t;
')
- write_fifo_files_pattern($1,ramfs_t,ramfs_t)
+ write_fifo_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2467,7 +2467,7 @@ interface(`fs_rw_ramfs_pipes',`
type ramfs_t;
')
- rw_fifo_files_pattern($1,ramfs_t,ramfs_t)
+ rw_fifo_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2486,7 +2486,7 @@ interface(`fs_manage_ramfs_pipes',`
type ramfs_t;
')
- manage_fifo_files_pattern($1,ramfs_t,ramfs_t)
+ manage_fifo_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2504,7 +2504,7 @@ interface(`fs_write_ramfs_sockets',`
type ramfs_t;
')
- write_sock_files_pattern($1,ramfs_t,ramfs_t)
+ write_sock_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2523,7 +2523,7 @@ interface(`fs_manage_ramfs_sockets',`
type ramfs_t;
')
- manage_sock_files_pattern($1,ramfs_t,ramfs_t)
+ manage_sock_files_pattern($1, ramfs_t, ramfs_t)
')
########################################
@@ -2940,7 +2940,7 @@ interface(`fs_tmpfs_filetrans',`
')
allow $2 tmpfs_t:filesystem associate;
- filetrans_pattern($1,tmpfs_t,$2,$3)
+ filetrans_pattern($1, tmpfs_t, $2, $3)
')
########################################
@@ -3015,7 +3015,7 @@ interface(`fs_rw_tmpfs_files',`
type tmpfs_t;
')
- rw_files_pattern($1,tmpfs_t,tmpfs_t)
+ rw_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3033,7 +3033,7 @@ interface(`fs_read_tmpfs_symlinks',`
type tmpfs_t;
')
- read_lnk_files_pattern($1,tmpfs_t,tmpfs_t)
+ read_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3052,7 +3052,7 @@ interface(`fs_rw_tmpfs_chr_files',`
')
allow $1 tmpfs_t:dir list_dir_perms;
- rw_chr_files_pattern($1,tmpfs_t,tmpfs_t)
+ rw_chr_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3090,7 +3090,7 @@ interface(`fs_relabel_tmpfs_chr_file',`
')
allow $1 tmpfs_t:dir list_dir_perms;
- relabel_chr_files_pattern($1,tmpfs_t,tmpfs_t)
+ relabel_chr_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3109,7 +3109,7 @@ interface(`fs_rw_tmpfs_blk_files',`
')
allow $1 tmpfs_t:dir list_dir_perms;
- rw_blk_files_pattern($1,tmpfs_t,tmpfs_t)
+ rw_blk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3128,7 +3128,7 @@ interface(`fs_relabel_tmpfs_blk_file',`
')
allow $1 tmpfs_t:dir list_dir_perms;
- relabel_blk_files_pattern($1,tmpfs_t,tmpfs_t)
+ relabel_blk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3147,7 +3147,7 @@ interface(`fs_manage_tmpfs_files',`
type tmpfs_t;
')
- manage_files_pattern($1,tmpfs_t,tmpfs_t)
+ manage_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3166,7 +3166,7 @@ interface(`fs_manage_tmpfs_symlinks',`
type tmpfs_t;
')
- manage_lnk_files_pattern($1,tmpfs_t,tmpfs_t)
+ manage_lnk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3185,7 +3185,7 @@ interface(`fs_manage_tmpfs_sockets',`
type tmpfs_t;
')
- manage_sock_files_pattern($1,tmpfs_t,tmpfs_t)
+ manage_sock_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3204,7 +3204,7 @@ interface(`fs_manage_tmpfs_chr_files',`
type tmpfs_t;
')
- manage_chr_files_pattern($1,tmpfs_t,tmpfs_t)
+ manage_chr_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3223,7 +3223,7 @@ interface(`fs_manage_tmpfs_blk_files',`
type tmpfs_t;
')
- manage_blk_files_pattern($1,tmpfs_t,tmpfs_t)
+ manage_blk_files_pattern($1, tmpfs_t, tmpfs_t)
')
########################################
@@ -3447,7 +3447,7 @@ interface(`fs_getattr_all_files',`
attribute filesystem_type;
')
- getattr_files_pattern($1,filesystem_type,filesystem_type)
+ getattr_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
@@ -3466,7 +3466,7 @@ interface(`fs_getattr_all_symlinks',`
attribute filesystem_type;
')
- getattr_lnk_files_pattern($1,filesystem_type,filesystem_type)
+ getattr_lnk_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
@@ -3485,7 +3485,7 @@ interface(`fs_getattr_all_pipes',`
attribute filesystem_type;
')
- getattr_fifo_files_pattern($1,filesystem_type,filesystem_type)
+ getattr_fifo_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
@@ -3504,7 +3504,7 @@ interface(`fs_getattr_all_sockets',`
attribute filesystem_type;
')
- getattr_sock_files_pattern($1,filesystem_type,filesystem_type)
+ getattr_sock_files_pattern($1, filesystem_type, filesystem_type)
')
########################################
@@ -3618,11 +3618,11 @@ interface(`fs_relabelfrom_noxattr_fs',`
')
allow $1 noxattrfs:dir list_dir_perms;
- relabelfrom_dirs_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_files_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_lnk_files_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_fifo_files_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_sock_files_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs)
- relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs)
+ relabelfrom_dirs_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_lnk_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_fifo_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_sock_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
+ relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
')
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 270a0c4..fdb4b03 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -589,7 +589,7 @@ interface(`kernel_search_debugfs',`
type debugfs_t;
')
- search_dirs_pattern($1,debugfs_t,debugfs_t)
+ search_dirs_pattern($1, debugfs_t, debugfs_t)
')
########################################
@@ -607,9 +607,9 @@ interface(`kernel_read_debugfs',`
type debugfs_t;
')
- read_files_pattern($1,debugfs_t,debugfs_t)
- read_lnk_files_pattern($1,debugfs_t,debugfs_t)
- list_dirs_pattern($1,debugfs_t,debugfs_t)
+ read_files_pattern($1, debugfs_t, debugfs_t)
+ read_lnk_files_pattern($1, debugfs_t, debugfs_t)
+ list_dirs_pattern($1, debugfs_t, debugfs_t)
')
########################################
@@ -681,7 +681,7 @@ interface(`kernel_search_proc',`
type proc_t;
')
- search_dirs_pattern($1,proc_t,proc_t)
+ search_dirs_pattern($1, proc_t, proc_t)
')
########################################
@@ -699,7 +699,7 @@ interface(`kernel_list_proc',`
type proc_t;
')
- list_dirs_pattern($1,proc_t,proc_t)
+ list_dirs_pattern($1, proc_t, proc_t)
')
########################################
@@ -736,7 +736,7 @@ interface(`kernel_getattr_proc_files',`
type proc_t;
')
- getattr_files_pattern($1,proc_t,proc_t)
+ getattr_files_pattern($1, proc_t, proc_t)
')
########################################
@@ -754,7 +754,7 @@ interface(`kernel_read_proc_symlinks',`
type proc_t;
')
- read_lnk_files_pattern($1,proc_t,proc_t)
+ read_lnk_files_pattern($1, proc_t, proc_t)
')
########################################
@@ -773,10 +773,10 @@ interface(`kernel_read_system_state',`
type proc_t;
')
- read_files_pattern($1,proc_t,proc_t)
- read_lnk_files_pattern($1,proc_t,proc_t)
+ read_files_pattern($1, proc_t, proc_t)
+ read_lnk_files_pattern($1, proc_t, proc_t)
- list_dirs_pattern($1,proc_t,proc_t)
+ list_dirs_pattern($1, proc_t, proc_t)
')
########################################
@@ -799,7 +799,7 @@ interface(`kernel_write_proc_files',`
type proc_t;
')
- write_files_pattern($1,proc_t,proc_t)
+ write_files_pattern($1, proc_t, proc_t)
')
########################################
@@ -856,8 +856,8 @@ interface(`kernel_rw_afs_state',`
type proc_t, proc_afs_t;
')
- list_dirs_pattern($1,proc_t,proc_t)
- rw_files_pattern($1,proc_afs_t,proc_afs_t)
+ list_dirs_pattern($1, proc_t, proc_t)
+ rw_files_pattern($1, proc_afs_t, proc_afs_t)
')
#######################################
@@ -876,9 +876,9 @@ interface(`kernel_read_software_raid_state',`
type proc_t, proc_mdstat_t;
')
- read_files_pattern($1,proc_t,proc_mdstat_t)
+ read_files_pattern($1, proc_t, proc_mdstat_t)
- list_dirs_pattern($1,proc_t,proc_t)
+ list_dirs_pattern($1, proc_t, proc_t)
')
#######################################
@@ -896,9 +896,9 @@ interface(`kernel_rw_software_raid_state',`
type proc_t, proc_mdstat_t;
')
- rw_files_pattern($1,proc_t,proc_mdstat_t)
+ rw_files_pattern($1, proc_t, proc_mdstat_t)
- list_dirs_pattern($1,proc_t,proc_t)
+ list_dirs_pattern($1, proc_t, proc_t)
')
########################################
@@ -916,9 +916,9 @@ interface(`kernel_getattr_core_if',`
type proc_t, proc_kcore_t;
')
- getattr_files_pattern($1,proc_t,proc_kcore_t)
+ getattr_files_pattern($1, proc_t, proc_kcore_t)
- list_dirs_pattern($1,proc_t,proc_t)
+ list_dirs_pattern($1, proc_t, proc_t)
')
########################################
@@ -957,7 +957,7 @@ interface(`kernel_read_messages',`
type proc_kmsg_t, proc_t;
')
- read_files_pattern($1,proc_t,proc_kmsg_t)
+ read_files_pattern($1, proc_t, proc_kmsg_t)
typeattribute $1 can_receive_kernel_messages;
')
@@ -978,7 +978,7 @@ interface(`kernel_getattr_message_if',`
type proc_kmsg_t, proc_t;
')
- getattr_files_pattern($1,proc_t,proc_kmsg_t)
+ getattr_files_pattern($1, proc_t, proc_kmsg_t)
')
########################################
@@ -1036,7 +1036,7 @@ interface(`kernel_search_network_state',`
type proc_net_t;
')
- search_dirs_pattern($1,proc_t,proc_net_t)
+ search_dirs_pattern($1, proc_t, proc_net_t)
')
########################################
@@ -1055,10 +1055,10 @@ interface(`kernel_read_network_state',`
type proc_t, proc_net_t;
')
- read_files_pattern($1,{ proc_t proc_net_t },proc_net_t)
- read_lnk_files_pattern($1,{ proc_t proc_net_t },proc_net_t)
+ read_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
+ read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
- list_dirs_pattern($1,proc_t,proc_net_t)
+ list_dirs_pattern($1, proc_t, proc_net_t)
')
########################################
@@ -1076,9 +1076,9 @@ interface(`kernel_read_network_state_symlinks',`
type proc_t, proc_net_t;
')
- read_lnk_files_pattern($1,{ proc_t proc_net_t },proc_net_t)
+ read_lnk_files_pattern($1, { proc_t proc_net_t }, proc_net_t)
- list_dirs_pattern($1,proc_t,proc_net_t)
+ list_dirs_pattern($1, proc_t, proc_net_t)
')
########################################
@@ -1097,7 +1097,7 @@ interface(`kernel_search_xen_state',`
type proc_t, proc_xen_t;
')
- search_dirs_pattern($1,proc_t,proc_xen_t)
+ search_dirs_pattern($1, proc_t, proc_xen_t)
')
########################################
@@ -1136,10 +1136,10 @@ interface(`kernel_read_xen_state',`
type proc_t, proc_xen_t;
')
- read_files_pattern($1,{ proc_t proc_xen_t },proc_xen_t)
- read_lnk_files_pattern($1,{ proc_t proc_xen_t },proc_xen_t)
+ read_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
+ read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
- list_dirs_pattern($1,proc_t,proc_xen_t)
+ list_dirs_pattern($1, proc_t, proc_xen_t)
')
########################################
@@ -1158,9 +1158,9 @@ interface(`kernel_read_xen_state_symlinks',`
type proc_t, proc_xen_t;
')
- read_lnk_files_pattern($1,{ proc_t proc_xen_t },proc_xen_t)
+ read_lnk_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
- list_dirs_pattern($1,proc_t,proc_xen_t)
+ list_dirs_pattern($1, proc_t, proc_xen_t)
')
########################################
@@ -1179,7 +1179,7 @@ interface(`kernel_write_xen_state',`
type proc_t, proc_xen_t;
')
- write_files_pattern($1,{ proc_t proc_xen_t },proc_xen_t)
+ write_files_pattern($1, { proc_t proc_xen_t }, proc_xen_t)
')
########################################
@@ -1236,7 +1236,7 @@ interface(`kernel_read_sysctl',`
type sysctl_t;
')
- list_dirs_pattern($1,proc_t,sysctl_t)
+ list_dirs_pattern($1, proc_t, sysctl_t)
')
########################################
@@ -1255,9 +1255,9 @@ interface(`kernel_read_device_sysctls',`
type proc_t, sysctl_t, sysctl_dev_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_dev_t },sysctl_dev_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_dev_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
')
########################################
@@ -1276,9 +1276,9 @@ interface(`kernel_rw_device_sysctls',`
type proc_t, sysctl_t, sysctl_dev_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_dev_t },sysctl_dev_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_dev_t }, sysctl_dev_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_dev_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_dev_t)
')
########################################
@@ -1296,7 +1296,7 @@ interface(`kernel_search_vm_sysctl',`
type proc_t, sysctl_t, sysctl_vm_t;
')
- search_dirs_pattern($1,{ proc_t sysctl_t },sysctl_vm_t)
+ search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
')
########################################
@@ -1315,9 +1315,9 @@ interface(`kernel_read_vm_sysctls',`
type proc_t, sysctl_t, sysctl_vm_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_vm_t },sysctl_vm_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_vm_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
')
########################################
@@ -1336,8 +1336,8 @@ interface(`kernel_rw_vm_sysctls',`
type proc_t, sysctl_t, sysctl_vm_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_vm_t },sysctl_vm_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_vm_t)
+ rw_files_pattern($1 ,{ proc_t sysctl_t sysctl_vm_t }, sysctl_vm_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_vm_t)
# hal needs this
allow $1 sysctl_vm_t:dir write;
@@ -1358,7 +1358,7 @@ interface(`kernel_search_network_sysctl',`
type proc_t, sysctl_t, sysctl_net_t;
')
- search_dirs_pattern($1,{ proc_t sysctl_t },sysctl_net_t)
+ search_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
')
########################################
@@ -1395,9 +1395,9 @@ interface(`kernel_read_net_sysctls',`
type proc_t, sysctl_t, sysctl_net_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_net_t },sysctl_net_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_net_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
')
########################################
@@ -1416,9 +1416,9 @@ interface(`kernel_rw_net_sysctls',`
type proc_t, sysctl_t, sysctl_net_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_net_t },sysctl_net_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_net_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
')
########################################
@@ -1438,9 +1438,9 @@ interface(`kernel_read_unix_sysctls',`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_net_t },sysctl_net_unix_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_net_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
')
########################################
@@ -1460,9 +1460,9 @@ interface(`kernel_rw_unix_sysctls',`
type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_net_t },sysctl_net_unix_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_net_t }, sysctl_net_unix_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_net_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_net_t)
')
########################################
@@ -1481,9 +1481,9 @@ interface(`kernel_read_hotplug_sysctls',`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_hotplug_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1502,9 +1502,9 @@ interface(`kernel_rw_hotplug_sysctls',`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_hotplug_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_hotplug_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1523,9 +1523,9 @@ interface(`kernel_read_modprobe_sysctls',`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_modprobe_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1544,9 +1544,9 @@ interface(`kernel_rw_modprobe_sysctls',`
type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_modprobe_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_modprobe_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1582,9 +1582,9 @@ interface(`kernel_read_kernel_sysctls',`
type proc_t, sysctl_t, sysctl_kernel_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_kernel_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1621,9 +1621,9 @@ interface(`kernel_rw_kernel_sysctl',`
type proc_t, sysctl_t, sysctl_kernel_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_kernel_t },sysctl_kernel_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_kernel_t }, sysctl_kernel_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_kernel_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_kernel_t)
')
########################################
@@ -1642,9 +1642,9 @@ interface(`kernel_read_fs_sysctls',`
type proc_t, sysctl_t, sysctl_fs_t;
')
- read_files_pattern($1,{ proc_t sysctl_t sysctl_fs_t },sysctl_fs_t)
+ read_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_fs_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
')
########################################
@@ -1663,9 +1663,9 @@ interface(`kernel_rw_fs_sysctls',`
type proc_t, sysctl_t, sysctl_fs_t;
')
- rw_files_pattern($1,{ proc_t sysctl_t sysctl_fs_t },sysctl_fs_t)
+ rw_files_pattern($1, { proc_t sysctl_t sysctl_fs_t }, sysctl_fs_t)
- list_dirs_pattern($1,{ proc_t sysctl_t },sysctl_fs_t)
+ list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_fs_t)
')
########################################
@@ -1684,9 +1684,9 @@ interface(`kernel_read_irq_sysctls',`
type proc_t, sysctl_irq_t;
')
- read_files_pattern($1,{ proc_t sysctl_irq_t },sysctl_irq_t)
+ read_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
- list_dirs_pattern($1,proc_t,sysctl_irq_t)
+ list_dirs_pattern($1, proc_t, sysctl_irq_t)
')
########################################
@@ -1705,9 +1705,9 @@ interface(`kernel_rw_irq_sysctls',`
type proc_t, sysctl_irq_t;
')
- rw_files_pattern($1,{ proc_t sysctl_irq_t },sysctl_irq_t)
+ rw_files_pattern($1, { proc_t sysctl_irq_t }, sysctl_irq_t)
- list_dirs_pattern($1,proc_t,sysctl_irq_t)
+ list_dirs_pattern($1, proc_t, sysctl_irq_t)
')
########################################
@@ -1726,9 +1726,9 @@ interface(`kernel_read_rpc_sysctls',`
type proc_t, proc_net_t, sysctl_rpc_t;
')
- read_files_pattern($1,{ proc_t proc_net_t sysctl_rpc_t },sysctl_rpc_t)
+ read_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
- list_dirs_pattern($1,{ proc_t proc_net_t },sysctl_rpc_t)
+ list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
')
########################################
@@ -1747,9 +1747,9 @@ interface(`kernel_rw_rpc_sysctls',`
type proc_t, proc_net_t, sysctl_rpc_t;
')
- rw_files_pattern($1,{ proc_t proc_net_t sysctl_rpc_t },sysctl_rpc_t)
+ rw_files_pattern($1, { proc_t proc_net_t sysctl_rpc_t }, sysctl_rpc_t)
- list_dirs_pattern($1,{ proc_t proc_net_t },sysctl_rpc_t)
+ list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_rpc_t)
')
########################################
@@ -1788,9 +1788,9 @@ interface(`kernel_read_all_sysctls',`
')
# proc_net_t for /proc/net/rpc sysctls
- read_files_pattern($1,{ proc_t proc_net_t sysctl_type },sysctl_type)
+ read_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
- list_dirs_pattern($1,{ proc_t proc_net_t },sysctl_type)
+ list_dirs_pattern($1, { proc_t proc_net_t }, sysctl_type)
')
########################################
@@ -1811,7 +1811,7 @@ interface(`kernel_rw_all_sysctls',`
')
# proc_net_t for /proc/net/rpc sysctls
- rw_files_pattern($1,{ proc_t proc_net_t sysctl_type },sysctl_type)
+ rw_files_pattern($1, { proc_t proc_net_t sysctl_type }, sysctl_type)
allow $1 sysctl_type:dir list_dir_perms;
# why is setattr needed?
@@ -1942,8 +1942,8 @@ interface(`kernel_read_unlabeled_state',`
')
allow $1 unlabeled_t:dir list_dir_perms;
- read_files_pattern($1,unlabeled_t,unlabeled_t)
- read_lnk_files_pattern($1,unlabeled_t,unlabeled_t)
+ read_files_pattern($1, unlabeled_t, unlabeled_t)
+ read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
')
diff --git a/policy/modules/kernel/mcs.te b/policy/modules/kernel/mcs.te
index 089374e..52fa7f3 100644
--- a/policy/modules/kernel/mcs.te
+++ b/policy/modules/kernel/mcs.te
@@ -1,5 +1,5 @@
-policy_module(mcs,1.1.0)
+policy_module(mcs, 1.1.0)
########################################
#
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
index 129e2f7..10b5e5a 100644
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@@ -1,5 +1,5 @@
-policy_module(mls,1.7.0)
+policy_module(mls, 1.7.0)
########################################
#
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index c97edc0..4293296 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -1,5 +1,5 @@
-policy_module(selinux,1.6.0)
+policy_module(selinux, 1.6.0)
########################################
#
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index e500e21..2b05767 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -225,7 +225,7 @@ interface(`storage_dev_filetrans_fixed_disk',`
type fixed_disk_device_t;
')
- dev_filetrans($1,fixed_disk_device_t,blk_file)
+ dev_filetrans($1, fixed_disk_device_t, blk_file)
')
########################################
@@ -244,7 +244,7 @@ interface(`storage_tmpfs_filetrans_fixed_disk',`
type fixed_disk_device_t;
')
- fs_tmpfs_filetrans($1,fixed_disk_device_t,blk_file)
+ fs_tmpfs_filetrans($1, fixed_disk_device_t, blk_file)
')
########################################
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index 873a934..864e111 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,5 +1,5 @@
-policy_module(storage,1.6.0)
+policy_module(storage, 1.6.0)
########################################
#
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index 3c9ebcb..5486553 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -772,7 +772,7 @@ interface(`term_relabel_all_user_ptys',`
')
dev_list_all_dev_nodes($1)
- relabel_chr_files_pattern($1,devpts_t,ptynode)
+ relabel_chr_files_pattern($1, devpts_t, ptynode)
')
########################################
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 116b044..f7db981 100644
--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,5 +1,5 @@
-policy_module(terminal,1.7.0)
+policy_module(terminal, 1.7.0)
########################################
#
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 1823f4f..f1628d2 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -11,7 +11,7 @@ policy_module(sysadm, 1.0.0)
## Allow sysadm to debug or ptrace all processes.
##
##
-gen_tunable(allow_ptrace,false)
+gen_tunable(allow_ptrace, false)
role sysadm_r;
diff --git a/policy/modules/roles/unprivuser.if b/policy/modules/roles/unprivuser.if
index 1b55153..c968955 100644
--- a/policy/modules/roles/unprivuser.if
+++ b/policy/modules/roles/unprivuser.if
@@ -59,7 +59,7 @@ interface(`unprivuser_home_filetrans_home_dir',`
type user_home_dir_t;
')
- files_home_filetrans($1,user_home_dir_t,dir)
+ files_home_filetrans($1, user_home_dir_t, dir)
')
########################################
@@ -103,7 +103,7 @@ interface(`unprivuser_home_dir_filetrans_home_content',`
')
files_search_home($1)
- filetrans_pattern($1,user_home_dir_t,user_home_t,$2)
+ filetrans_pattern($1, user_home_dir_t, user_home_t, $2)
')
########################################
@@ -162,7 +162,7 @@ interface(`unprivuser_manage_home_content_dirs',`
')
files_search_home($1)
- manage_dirs_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ manage_dirs_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
########################################
@@ -201,7 +201,7 @@ interface(`unprivuser_read_home_content_files',`
files_search_home($1)
allow $1 user_home_t:dir list_dir_perms;
- read_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
########################################
@@ -241,7 +241,7 @@ interface(`unprivuser_manage_home_content_files',`
')
files_search_home($1)
- manage_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ manage_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
########################################
@@ -280,7 +280,7 @@ interface(`unprivuser_manage_home_content_symlinks',`
')
files_search_home($1)
- manage_lnk_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ manage_lnk_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
########################################
@@ -300,7 +300,7 @@ interface(`unprivuser_manage_home_content_pipes',`
')
files_search_home($1)
- manage_fifo_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ manage_fifo_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
########################################
@@ -320,6 +320,6 @@ interface(`unprivuser_manage_home_content_sockets',`
')
files_search_home($1)
- manage_sock_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
+ manage_sock_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
')
diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
index 39d850b..d8b0334 100644
--- a/policy/modules/services/afs.te
+++ b/policy/modules/services/afs.te
@@ -8,7 +8,7 @@ policy_module(afs, 1.3.0)
type afs_bosserver_t;
type afs_bosserver_exec_t;
-init_daemon_domain(afs_bosserver_t,afs_bosserver_exec_t)
+init_daemon_domain(afs_bosserver_t, afs_bosserver_exec_t)
type afs_config_t;
files_type(afs_config_t)
@@ -23,7 +23,7 @@ files_type(afs_files_t)
type afs_fsserver_t;
type afs_fsserver_exec_t;
domain_type(afs_fsserver_t)
-domain_entry_file(afs_fsserver_t,afs_fsserver_exec_t)
+domain_entry_file(afs_fsserver_t, afs_fsserver_exec_t)
role system_r types afs_fsserver_t;
type afs_ka_db_t;
@@ -32,7 +32,7 @@ files_type(afs_ka_db_t)
type afs_kaserver_t;
type afs_kaserver_exec_t;
domain_type(afs_kaserver_t)
-domain_entry_file(afs_kaserver_t,afs_kaserver_exec_t)
+domain_entry_file(afs_kaserver_t, afs_kaserver_exec_t)
role system_r types afs_kaserver_t;
type afs_logfile_t;
@@ -44,7 +44,7 @@ files_type(afs_pt_db_t)
type afs_ptserver_t;
type afs_ptserver_exec_t;
domain_type(afs_ptserver_t)
-domain_entry_file(afs_ptserver_t,afs_ptserver_exec_t)
+domain_entry_file(afs_ptserver_t, afs_ptserver_exec_t)
role system_r types afs_ptserver_t;
type afs_vl_db_t;
@@ -53,7 +53,7 @@ files_type(afs_vl_db_t)
type afs_vlserver_t;
type afs_vlserver_exec_t;
domain_type(afs_vlserver_t)
-domain_entry_file(afs_vlserver_t,afs_vlserver_exec_t)
+domain_entry_file(afs_vlserver_t, afs_vlserver_exec_t)
role system_r types afs_vlserver_t;
########################################
@@ -67,8 +67,8 @@ allow afs_bosserver_t self:udp_socket create_socket_perms;
can_exec(afs_bosserver_t,afs_bosserver_exec_t)
-manage_dirs_pattern(afs_bosserver_t,afs_config_t,afs_config_t)
-manage_files_pattern(afs_bosserver_t,afs_config_t,afs_config_t)
+manage_dirs_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
+manage_files_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
allow afs_bosserver_t afs_dbdir_t:dir { search read getattr };
@@ -126,24 +126,24 @@ allow afs_fsserver_t self:fifo_file rw_fifo_file_perms;
allow afs_fsserver_t self:tcp_socket create_stream_socket_perms;
allow afs_fsserver_t self:udp_socket create_socket_perms;
-read_files_pattern(afs_fsserver_t,afs_config_t,afs_config_t)
+read_files_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
allow afs_fsserver_t afs_config_t:dir list_dir_perms;
-manage_dirs_pattern(afs_fsserver_t,afs_config_t,afs_config_t)
-manage_files_pattern(afs_fsserver_t,afs_config_t,afs_config_t)
+manage_dirs_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
+manage_files_pattern(afs_fsserver_t, afs_config_t, afs_config_t)
allow afs_fsserver_t afs_files_t:filesystem getattr;
-manage_dirs_pattern(afs_fsserver_t,afs_files_t,afs_files_t)
-manage_files_pattern(afs_fsserver_t,afs_files_t,afs_files_t)
-manage_lnk_files_pattern(afs_fsserver_t,afs_files_t,afs_files_t)
-manage_fifo_files_pattern(afs_fsserver_t,afs_files_t,afs_files_t)
-manage_sock_files_pattern(afs_fsserver_t,afs_files_t,afs_files_t)
-filetrans_pattern(afs_fsserver_t,afs_config_t,afs_files_t,{ file lnk_file sock_file fifo_file })
+manage_dirs_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
+manage_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
+manage_lnk_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
+manage_fifo_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
+manage_sock_files_pattern(afs_fsserver_t, afs_files_t, afs_files_t)
+filetrans_pattern(afs_fsserver_t, afs_config_t, afs_files_t, { file lnk_file sock_file fifo_file })
can_exec(afs_fsserver_t, afs_fsserver_exec_t)
-manage_dirs_pattern(afs_fsserver_t,afs_logfile_t,afs_logfile_t)
-manage_files_pattern(afs_fsserver_t,afs_logfile_t,afs_logfile_t)
+manage_dirs_pattern(afs_fsserver_t, afs_logfile_t, afs_logfile_t)
+manage_files_pattern(afs_fsserver_t, afs_logfile_t, afs_logfile_t)
kernel_read_system_state(afs_fsserver_t)
kernel_read_kernel_sysctls(afs_fsserver_t)
@@ -197,13 +197,13 @@ allow afs_kaserver_t self:unix_stream_socket create_stream_socket_perms;
allow afs_kaserver_t self:tcp_socket create_stream_socket_perms;
allow afs_kaserver_t self:udp_socket create_socket_perms;
-manage_files_pattern(afs_kaserver_t,afs_config_t,afs_config_t)
+manage_files_pattern(afs_kaserver_t, afs_config_t, afs_config_t)
-manage_files_pattern(afs_kaserver_t,afs_dbdir_t,afs_ka_db_t)
-filetrans_pattern(afs_kaserver_t,afs_dbdir_t,afs_ka_db_t,file)
+manage_files_pattern(afs_kaserver_t, afs_dbdir_t, afs_ka_db_t)
+filetrans_pattern(afs_kaserver_t, afs_dbdir_t, afs_ka_db_t, file)
-manage_dirs_pattern(afs_kaserver_t,afs_logfile_t,afs_logfile_t)
-manage_files_pattern(afs_kaserver_t,afs_logfile_t,afs_logfile_t)
+manage_dirs_pattern(afs_kaserver_t, afs_logfile_t, afs_logfile_t)
+manage_files_pattern(afs_kaserver_t, afs_logfile_t, afs_logfile_t)
kernel_read_kernel_sysctls(afs_kaserver_t)
@@ -248,11 +248,11 @@ allow afs_ptserver_t self:udp_socket create_socket_perms;
read_files_pattern(afs_ptserver_t,afs_config_t,afs_config_t)
allow afs_ptserver_t afs_config_t:dir list_dir_perms;
-manage_dirs_pattern(afs_ptserver_t,afs_logfile_t,afs_logfile_t)
-manage_files_pattern(afs_ptserver_t,afs_logfile_t,afs_logfile_t)
+manage_dirs_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
+manage_files_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_ptserver_t,afs_dbdir_t,afs_pt_db_t)
-filetrans_pattern(afs_ptserver_t,afs_dbdir_t,afs_pt_db_t,file)
+manage_files_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t)
+filetrans_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t, file)
corenet_all_recvfrom_unlabeled(afs_ptserver_t)
corenet_all_recvfrom_netlabel(afs_ptserver_t)
@@ -289,11 +289,11 @@ allow afs_vlserver_t self:udp_socket create_socket_perms;
read_files_pattern(afs_vlserver_t,afs_config_t,afs_config_t)
allow afs_vlserver_t afs_config_t:dir list_dir_perms;
-manage_dirs_pattern(afs_vlserver_t,afs_logfile_t,afs_logfile_t)
-manage_files_pattern(afs_vlserver_t,afs_logfile_t,afs_logfile_t)
+manage_dirs_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
+manage_files_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
-manage_files_pattern(afs_vlserver_t,afs_dbdir_t,afs_vl_db_t)
-filetrans_pattern(afs_vlserver_t,afs_dbdir_t,afs_vl_db_t,file)
+manage_files_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t)
+filetrans_pattern(afs_vlserver_t, afs_dbdir_t,afs_vl_db_t, file)
corenet_all_recvfrom_unlabeled(afs_vlserver_t)
corenet_all_recvfrom_netlabel(afs_vlserver_t)
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if
index 133ca19..b652bd4 100644
--- a/policy/modules/services/aide.if
+++ b/policy/modules/services/aide.if
@@ -16,7 +16,7 @@ interface(`aide_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,aide_exec_t,aide_t)
+ domtrans_pattern($1, aide_exec_t, aide_t)
')
diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te
index 1ed1c2c..4e90fab 100644
--- a/policy/modules/services/aide.te
+++ b/policy/modules/services/aide.te
@@ -1,5 +1,5 @@
-policy_module(aide,1.4.0)
+policy_module(aide, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(aide,1.4.0)
type aide_t;
type aide_exec_t;
-application_domain(aide_t,aide_exec_t)
+application_domain(aide_t, aide_exec_t)
# log files
type aide_log_t;
@@ -26,11 +26,11 @@ files_type(aide_db_t)
allow aide_t self:capability { dac_override fowner };
# database actions
-manage_files_pattern(aide_t,aide_db_t,aide_db_t)
+manage_files_pattern(aide_t, aide_db_t, aide_db_t)
# logs
manage_files_pattern(aide_t, aide_log_t, aide_log_t)
-logging_log_filetrans(aide_t,aide_log_t,file)
+logging_log_filetrans(aide_t, aide_log_t, file)
files_read_all_files(aide_t)
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index ec1a204..2d2b263 100644
--- a/policy/modules/services/amavis.if
+++ b/policy/modules/services/amavis.if
@@ -18,7 +18,7 @@ interface(`amavis_domtrans',`
type amavis_t, amavis_exec_t;
')
- domtrans_pattern($1,amavis_exec_t,amavis_t)
+ domtrans_pattern($1, amavis_exec_t, amavis_t)
')
########################################
@@ -56,8 +56,8 @@ interface(`amavis_manage_spool_files',`
')
files_search_spool($1)
- manage_dirs_pattern($1,amavis_spool_t,amavis_spool_t)
- manage_files_pattern($1,amavis_spool_t,amavis_spool_t)
+ manage_dirs_pattern($1, amavis_spool_t, amavis_spool_t)
+ manage_files_pattern($1, amavis_spool_t, amavis_spool_t)
')
########################################
@@ -87,7 +87,7 @@ interface(`amavis_spool_filetrans',`
')
files_search_spool($1)
- filetrans_pattern($1,amavis_spool_t,$2,$3)
+ filetrans_pattern($1, amavis_spool_t, $2, $3)
')
########################################
@@ -124,7 +124,7 @@ interface(`amavis_read_lib_files',`
type amavis_var_lib_t;
')
- read_files_pattern($1,amavis_var_lib_t,amavis_var_lib_t)
+ read_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
allow $1 amavis_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
')
@@ -145,7 +145,7 @@ interface(`amavis_manage_lib_files',`
type amavis_var_lib_t;
')
- manage_files_pattern($1,amavis_var_lib_t,amavis_var_lib_t)
+ manage_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
files_search_var_lib($1)
')
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index 9ce7094..463fefd 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -54,43 +54,43 @@ allow amavis_t self:netlink_route_socket r_netlink_socket_perms;
# configuration files
allow amavis_t amavis_etc_t:dir list_dir_perms;
-read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
-read_lnk_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
+read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
+read_lnk_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
# mail quarantine
-manage_dirs_pattern(amavis_t,amavis_quarantine_t,amavis_quarantine_t)
-manage_files_pattern(amavis_t,amavis_quarantine_t,amavis_quarantine_t)
-manage_sock_files_pattern(amavis_t,amavis_quarantine_t,amavis_quarantine_t)
+manage_dirs_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
+manage_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
+manage_sock_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
# Spool Files
-manage_dirs_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
-manage_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
+manage_dirs_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
+manage_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
manage_lnk_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_sock_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
-filetrans_pattern(amavis_t,amavis_spool_t,amavis_var_run_t,sock_file)
+manage_sock_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
+filetrans_pattern(amavis_t, amavis_spool_t, amavis_var_run_t, sock_file)
files_search_spool(amavis_t)
# tmp files
-manage_files_pattern(amavis_t,amavis_tmp_t,amavis_tmp_t)
+manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
allow amavis_t amavis_tmp_t:dir setattr;
files_tmp_filetrans(amavis_t,amavis_tmp_t,file)
# var/lib files for amavis
-manage_dirs_pattern(amavis_t,amavis_var_lib_t,amavis_var_lib_t)
-manage_files_pattern(amavis_t,amavis_var_lib_t,amavis_var_lib_t)
-manage_sock_files_pattern(amavis_t,amavis_var_lib_t,amavis_var_lib_t)
+manage_dirs_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
+manage_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
+manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
files_search_var_lib(amavis_t)
# log files
allow amavis_t amavis_var_log_t:dir setattr;
-manage_files_pattern(amavis_t,amavis_var_log_t,amavis_var_log_t)
-manage_sock_files_pattern(amavis_t,amavis_var_log_t,amavis_var_log_t)
-logging_log_filetrans(amavis_t,amavis_var_log_t,{ sock_file file dir })
+manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
+manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
+logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
# pid file
-manage_files_pattern(amavis_t,amavis_var_run_t,amavis_var_run_t)
-manage_sock_files_pattern(amavis_t,amavis_var_run_t,amavis_var_run_t)
-files_pid_filetrans(amavis_t,amavis_var_run_t, { file sock_file })
+manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
+manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
+files_pid_filetrans(amavis_t, amavis_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(amavis_t)
# amavis tries to access /proc/self/stat, /etc/shadow and /root - perl...
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 085f250..e590e67 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -20,7 +20,7 @@ template(`apache_content_template',`
')
# allow write access to public file transfer
# services files.
- gen_tunable(allow_httpd_$1_script_anon_write,false)
+ gen_tunable(allow_httpd_$1_script_anon_write, false)
#This type is for webpages
type httpd_$1_content_t, httpdcontent; # customizable
@@ -38,7 +38,7 @@ template(`apache_content_template',`
# This type is used for executable scripts files
type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;
corecmd_shell_entry_type(httpd_$1_script_t)
- domain_entry_file(httpd_$1_script_t,httpd_$1_script_exec_t)
+ domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)
# The following three are the only areas that
# scripts can read, read/write, or append to
@@ -67,27 +67,27 @@ template(`apache_content_template',`
# Allow the script process to search the cgi directory, and users directory
allow httpd_$1_script_t httpd_$1_content_t:dir search_dir_perms;
- append_files_pattern(httpd_$1_script_t,httpd_log_t,httpd_log_t)
+ append_files_pattern(httpd_$1_script_t, httpd_log_t, httpd_log_t)
logging_search_logs(httpd_$1_script_t)
can_exec(httpd_$1_script_t, httpd_$1_script_exec_t)
allow httpd_$1_script_t httpd_$1_script_exec_t:dir search_dir_perms;
allow httpd_$1_script_t httpd_$1_script_ra_t:dir { list_dir_perms add_entry_dir_perms };
- read_files_pattern(httpd_$1_script_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- append_files_pattern(httpd_$1_script_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- read_lnk_files_pattern(httpd_$1_script_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
+ read_files_pattern(httpd_$1_script_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ append_files_pattern(httpd_$1_script_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
allow httpd_$1_script_t httpd_$1_script_ro_t:dir list_dir_perms;
read_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
read_lnk_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- manage_dirs_pattern(httpd_$1_script_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_files_pattern(httpd_$1_script_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_lnk_files_pattern(httpd_$1_script_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_fifo_files_pattern(httpd_$1_script_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_sock_files_pattern(httpd_$1_script_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- files_tmp_filetrans(httpd_$1_script_t,httpd_$1_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ files_tmp_filetrans(httpd_$1_script_t, httpd_$1_script_rw_t, { dir file lnk_file sock_file fifo_file })
kernel_dontaudit_search_sysctl(httpd_$1_script_t)
kernel_dontaudit_search_kernel_sysctl(httpd_$1_script_t)
@@ -114,9 +114,9 @@ template(`apache_content_template',`
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_$1_script_t httpdcontent:file entrypoint;
- manage_dirs_pattern(httpd_$1_script_t,httpdcontent,httpdcontent)
- manage_files_pattern(httpd_$1_script_t,httpdcontent,httpdcontent)
- manage_lnk_files_pattern(httpd_$1_script_t,httpdcontent,httpdcontent)
+ manage_dirs_pattern(httpd_$1_script_t, httpdcontent, httpdcontent)
+ manage_files_pattern(httpd_$1_script_t, httpdcontent, httpdcontent)
+ manage_lnk_files_pattern(httpd_$1_script_t, httpdcontent, httpdcontent)
can_exec(httpd_$1_script_t, httpdcontent)
')
@@ -126,23 +126,23 @@ template(`apache_content_template',`
# Allow the web server to run scripts and serve pages
tunable_policy(`httpd_builtin_scripting',`
- manage_dirs_pattern(httpd_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_files_pattern(httpd_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_lnk_files_pattern(httpd_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- rw_sock_files_pattern(httpd_t,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
+ manage_dirs_pattern(httpd_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_files_pattern(httpd_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_lnk_files_pattern(httpd_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ rw_sock_files_pattern(httpd_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
allow httpd_t httpd_$1_script_ra_t:dir { list_dir_perms add_entry_dir_perms };
- read_files_pattern(httpd_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- append_files_pattern(httpd_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- read_lnk_files_pattern(httpd_t,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
+ read_files_pattern(httpd_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ append_files_pattern(httpd_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ read_lnk_files_pattern(httpd_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
allow httpd_t httpd_$1_script_ro_t:dir list_dir_perms;
- read_files_pattern(httpd_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- read_lnk_files_pattern(httpd_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
+ read_files_pattern(httpd_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ read_lnk_files_pattern(httpd_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
allow httpd_t httpd_$1_content_t:dir list_dir_perms;
- read_files_pattern(httpd_t,httpd_$1_content_t,httpd_$1_content_t)
- read_lnk_files_pattern(httpd_t,httpd_$1_content_t,httpd_$1_content_t)
+ read_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
+ read_lnk_files_pattern(httpd_t, httpd_$1_content_t, httpd_$1_content_t)
')
tunable_policy(`httpd_enable_cgi',`
@@ -291,33 +291,33 @@ template(`apache_per_role_template', `
allow $2 httpd_$1_htaccess_t:file { manage_file_perms relabelto relabelfrom };
- manage_dirs_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- manage_files_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- manage_lnk_files_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- relabel_dirs_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- relabel_files_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
- relabel_lnk_files_pattern($2,httpd_$1_script_ra_t,httpd_$1_script_ra_t)
-
- manage_dirs_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- manage_files_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- manage_lnk_files_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- relabel_dirs_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- relabel_files_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- relabel_lnk_files_pattern($2,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
-
- manage_dirs_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_files_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- manage_lnk_files_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- relabel_dirs_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- relabel_files_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
- relabel_lnk_files_pattern($2,httpd_$1_script_rw_t,httpd_$1_script_rw_t)
-
- manage_dirs_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- manage_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- manage_lnk_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- relabel_dirs_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- relabel_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- relabel_lnk_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
+ manage_dirs_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ manage_files_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ manage_lnk_files_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ relabel_dirs_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ relabel_files_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+ relabel_lnk_files_pattern($2, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
+
+ manage_dirs_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ manage_files_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ manage_lnk_files_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ relabel_dirs_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ relabel_files_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ relabel_lnk_files_pattern($2, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+
+ manage_dirs_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_files_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ manage_lnk_files_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ relabel_dirs_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ relabel_files_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+ relabel_lnk_files_pattern($2, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
+
+ manage_dirs_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ manage_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ manage_lnk_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ relabel_dirs_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ relabel_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ relabel_lnk_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
tunable_policy(`httpd_enable_cgi',`
# If a user starts a script by hand it gets the proper context
@@ -360,8 +360,8 @@ template(`apache_read_user_scripts',`
')
allow $2 httpd_$1_script_exec_t:dir list_dir_perms;
- read_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
- read_lnk_files_pattern($2,httpd_$1_script_exec_t,httpd_$1_script_exec_t)
+ read_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
+ read_lnk_files_pattern($2, httpd_$1_script_exec_t, httpd_$1_script_exec_t)
')
########################################
@@ -386,8 +386,8 @@ template(`apache_read_user_content',`
')
allow $2 httpd_$1_content_t:dir list_dir_perms;
- read_files_pattern($2,httpd_$1_content_t,httpd_$1_content_t)
- read_lnk_files_pattern($2,httpd_$1_content_t,httpd_$1_content_t)
+ read_files_pattern($2, httpd_$1_content_t, httpd_$1_content_t)
+ read_lnk_files_pattern($2, httpd_$1_content_t, httpd_$1_content_t)
')
########################################
@@ -406,7 +406,7 @@ interface(`apache_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,httpd_exec_t,httpd_t)
+ domtrans_pattern($1, httpd_exec_t, httpd_t)
')
########################################
@@ -517,13 +517,13 @@ interface(`apache_manage_all_content',`
attribute httpdcontent, httpd_script_exec_type;
')
- manage_dirs_pattern($1,httpdcontent,httpdcontent)
- manage_files_pattern($1,httpdcontent,httpdcontent)
- manage_lnk_files_pattern($1,httpdcontent,httpdcontent)
+ manage_dirs_pattern($1, httpdcontent, httpdcontent)
+ manage_files_pattern($1, httpdcontent, httpdcontent)
+ manage_lnk_files_pattern($1, httpdcontent, httpdcontent)
- manage_dirs_pattern($1,httpd_script_exec_type,httpd_script_exec_type)
- manage_files_pattern($1,httpd_script_exec_type,httpd_script_exec_type)
- manage_lnk_files_pattern($1,httpd_script_exec_type,httpd_script_exec_type)
+ manage_dirs_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+ manage_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
+ manage_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
')
########################################
@@ -564,8 +564,8 @@ interface(`apache_read_config',`
files_search_etc($1)
allow $1 httpd_config_t:dir list_dir_perms;
- read_files_pattern($1,httpd_config_t,httpd_config_t)
- read_lnk_files_pattern($1,httpd_config_t,httpd_config_t)
+ read_files_pattern($1, httpd_config_t, httpd_config_t)
+ read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
')
########################################
@@ -585,9 +585,9 @@ interface(`apache_manage_config',`
')
files_search_etc($1)
- manage_dirs_pattern($1,httpd_config_t,httpd_config_t)
- manage_files_pattern($1,httpd_config_t,httpd_config_t)
- read_lnk_files_pattern($1,httpd_config_t,httpd_config_t)
+ manage_dirs_pattern($1, httpd_config_t, httpd_config_t)
+ manage_files_pattern($1, httpd_config_t, httpd_config_t)
+ read_lnk_files_pattern($1, httpd_config_t, httpd_config_t)
')
########################################
@@ -607,7 +607,7 @@ interface(`apache_domtrans_helper',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,httpd_helper_exec_t,httpd_helper_t)
+ domtrans_pattern($1, httpd_helper_exec_t, httpd_helper_t)
')
########################################
@@ -662,8 +662,8 @@ interface(`apache_read_log',`
logging_search_logs($1)
allow $1 httpd_log_t:dir list_dir_perms;
- read_files_pattern($1,httpd_log_t,httpd_log_t)
- read_lnk_files_pattern($1,httpd_log_t,httpd_log_t)
+ read_files_pattern($1, httpd_log_t, httpd_log_t)
+ read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
')
########################################
@@ -684,7 +684,7 @@ interface(`apache_append_log',`
logging_search_logs($1)
allow $1 httpd_log_t:dir list_dir_perms;
- append_files_pattern($1,httpd_log_t,httpd_log_t)
+ append_files_pattern($1, httpd_log_t, httpd_log_t)
')
########################################
@@ -723,9 +723,9 @@ interface(`apache_manage_log',`
')
logging_search_logs($1)
- manage_dirs_pattern($1,httpd_log_t,httpd_log_t)
- manage_files_pattern($1,httpd_log_t,httpd_log_t)
- read_lnk_files_pattern($1,httpd_log_t,httpd_log_t)
+ manage_dirs_pattern($1, httpd_log_t, httpd_log_t)
+ manage_files_pattern($1, httpd_log_t, httpd_log_t)
+ read_lnk_files_pattern($1, httpd_log_t, httpd_log_t)
')
########################################
@@ -803,7 +803,7 @@ interface(`apache_domtrans_rotatelogs',`
type httpd_rotatelogs_t, httpd_rotatelogs_exec_t;
')
- domtrans_pattern($1,httpd_rotatelogs_exec_t,httpd_rotatelogs_t)
+ domtrans_pattern($1, httpd_rotatelogs_exec_t, httpd_rotatelogs_t)
')
########################################
@@ -825,9 +825,9 @@ interface(`apache_manage_sys_content',`
')
files_search_var($1)
- manage_dirs_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
- manage_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
- manage_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
+ manage_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+ manage_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+ manage_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
')
########################################
@@ -992,8 +992,8 @@ interface(`apache_read_sys_content',`
')
allow $1 httpd_sys_content_t:dir list_dir_perms;
- read_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
- read_lnk_files_pattern($1,httpd_sys_content_t,httpd_sys_content_t)
+ read_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
+ read_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
')
########################################
@@ -1030,13 +1030,13 @@ interface(`apache_manage_all_user_content',`
attribute httpd_user_content_type, httpd_user_script_exec_type;
')
- manage_dirs_pattern($1,httpd_user_content_type,httpd_user_content_type)
- manage_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
- manage_lnk_files_pattern($1,httpd_user_content_type,httpd_user_content_type)
+ manage_dirs_pattern($1, httpd_user_content_type, httpd_user_content_type)
+ manage_files_pattern($1, httpd_user_content_type, httpd_user_content_type)
+ manage_lnk_files_pattern($1, httpd_user_content_type, httpd_user_content_type)
- manage_dirs_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
- manage_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
- manage_lnk_files_pattern($1,httpd_user_script_exec_type,httpd_user_script_exec_type)
+ manage_dirs_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
+ manage_files_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
+ manage_lnk_files_pattern($1, httpd_user_script_exec_type, httpd_user_script_exec_type)
')
########################################
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 2441f79..be43195 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -27,28 +27,28 @@ policy_module(apache, 1.10.0)
## be labeled public_content_rw_t.
##
##
-gen_tunable(allow_httpd_anon_write,false)
+gen_tunable(allow_httpd_anon_write, false)
##
##
## Allow Apache to use mod_auth_pam
##
##
-gen_tunable(allow_httpd_mod_auth_pam,false)
+gen_tunable(allow_httpd_mod_auth_pam, false)
##
##
## Allow httpd to use built in scripting (usually php)
##
##
-gen_tunable(httpd_builtin_scripting,false)
+gen_tunable(httpd_builtin_scripting, false)
##
##
## Allow HTTPD scripts and modules to connect to the network using TCP.
##
##
-gen_tunable(httpd_can_network_connect,false)
+gen_tunable(httpd_can_network_connect, false)
##
##
@@ -69,7 +69,7 @@ gen_tunable(httpd_can_network_relay, false)
## Allow httpd cgi support
##
##
-gen_tunable(httpd_enable_cgi,false)
+gen_tunable(httpd_enable_cgi, false)
##
##
@@ -77,21 +77,21 @@ gen_tunable(httpd_enable_cgi,false)
## listening on the ftp port.
##
##
-gen_tunable(httpd_enable_ftp_server,false)
+gen_tunable(httpd_enable_ftp_server, false)
##
##
## Allow httpd to read home directories
##
##
-gen_tunable(httpd_enable_homedirs,false)
+gen_tunable(httpd_enable_homedirs, false)
##
##
## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
##
##
-gen_tunable(httpd_ssi_exec,false)
+gen_tunable(httpd_ssi_exec, false)
##
##
@@ -100,14 +100,14 @@ gen_tunable(httpd_ssi_exec,false)
## the terminal.
##
##
-gen_tunable(httpd_tty_comm,false)
+gen_tunable(httpd_tty_comm, false)
##
##
## Unify HTTPD handling of all content files.
##
##
-gen_tunable(httpd_unified,false)
+gen_tunable(httpd_unified, false)
attribute httpdcontent;
attribute httpd_user_content_type;
@@ -123,7 +123,7 @@ attribute httpd_script_domains;
type httpd_t;
type httpd_exec_t;
-init_daemon_domain(httpd_t,httpd_exec_t)
+init_daemon_domain(httpd_t, httpd_exec_t)
role system_r types httpd_t;
# httpd_cache_t is the type given to the /var/cache/httpd
@@ -138,7 +138,7 @@ files_type(httpd_config_t)
type httpd_helper_t;
type httpd_helper_exec_t;
domain_type(httpd_helper_t)
-domain_entry_file(httpd_helper_t,httpd_helper_exec_t)
+domain_entry_file(httpd_helper_t, httpd_helper_exec_t)
role system_r types httpd_helper_t;
type httpd_lock_t;
@@ -155,7 +155,7 @@ files_type(httpd_modules_t)
type httpd_php_t;
type httpd_php_exec_t;
domain_type(httpd_php_t)
-domain_entry_file(httpd_php_t,httpd_php_exec_t)
+domain_entry_file(httpd_php_t, httpd_php_exec_t)
role system_r types httpd_php_t;
type httpd_php_tmp_t;
@@ -172,7 +172,7 @@ files_type(httpd_squirrelmail_t)
type httpd_suexec_t; #, daemon;
type httpd_suexec_exec_t;
domain_type(httpd_suexec_t)
-domain_entry_file(httpd_suexec_t,httpd_suexec_exec_t)
+domain_entry_file(httpd_suexec_t, httpd_suexec_exec_t)
role system_r types httpd_suexec_t;
type httpd_suexec_tmp_t;
@@ -223,68 +223,68 @@ allow httpd_t self:tcp_socket create_stream_socket_perms;
allow httpd_t self:udp_socket create_socket_perms;
# Allow httpd_t to put files in /var/cache/httpd etc
-manage_dirs_pattern(httpd_t,httpd_cache_t,httpd_cache_t)
-manage_files_pattern(httpd_t,httpd_cache_t,httpd_cache_t)
-manage_lnk_files_pattern(httpd_t,httpd_cache_t,httpd_cache_t)
+manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
+manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
+manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
# Allow the httpd_t to read the web servers config files
allow httpd_t httpd_config_t:dir list_dir_perms;
-read_files_pattern(httpd_t,httpd_config_t,httpd_config_t)
-read_lnk_files_pattern(httpd_t,httpd_config_t,httpd_config_t)
+read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
+read_lnk_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
can_exec(httpd_t, httpd_exec_t)
allow httpd_t httpd_lock_t:file manage_file_perms;
-files_lock_filetrans(httpd_t,httpd_lock_t,file)
+files_lock_filetrans(httpd_t, httpd_lock_t, file)
allow httpd_t httpd_log_t:dir setattr;
-create_files_pattern(httpd_t,httpd_log_t,httpd_log_t)
-append_files_pattern(httpd_t,httpd_log_t,httpd_log_t)
-read_files_pattern(httpd_t,httpd_log_t,httpd_log_t)
-read_lnk_files_pattern(httpd_t,httpd_log_t,httpd_log_t)
+create_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+append_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+read_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
+read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
# cjp: need to refine create interfaces to
# cut this back to add_name only
-logging_log_filetrans(httpd_t,httpd_log_t,file)
+logging_log_filetrans(httpd_t, httpd_log_t, file)
allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
-read_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
+mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
apache_domtrans_rotatelogs(httpd_t)
# Apache-httpd needs to be able to send signals to the log rotate procs.
allow httpd_t httpd_rotatelogs_t:process signal_perms;
-manage_dirs_pattern(httpd_t,httpd_squirrelmail_t,httpd_squirrelmail_t)
-manage_files_pattern(httpd_t,httpd_squirrelmail_t,httpd_squirrelmail_t)
-manage_lnk_files_pattern(httpd_t,httpd_squirrelmail_t,httpd_squirrelmail_t)
+manage_dirs_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
+manage_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
+manage_lnk_files_pattern(httpd_t, httpd_squirrelmail_t, httpd_squirrelmail_t)
allow httpd_t httpd_suexec_exec_t:file { getattr read };
allow httpd_t httpd_sys_content_t:dir list_dir_perms;
-read_files_pattern(httpd_t,httpd_sys_content_t,httpd_sys_content_t)
-read_lnk_files_pattern(httpd_t,httpd_sys_content_t,httpd_sys_content_t)
+read_files_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_t)
+read_lnk_files_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_t)
-manage_dirs_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t)
-manage_files_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t)
+manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
+manage_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
files_tmp_filetrans(httpd_t, httpd_tmp_t, { file dir })
-manage_dirs_pattern(httpd_t,httpd_tmpfs_t,httpd_tmpfs_t)
-manage_files_pattern(httpd_t,httpd_tmpfs_t,httpd_tmpfs_t)
-manage_lnk_files_pattern(httpd_t,httpd_tmpfs_t,httpd_tmpfs_t)
-manage_fifo_files_pattern(httpd_t,httpd_tmpfs_t,httpd_tmpfs_t)
-manage_sock_files_pattern(httpd_t,httpd_tmpfs_t,httpd_tmpfs_t)
-fs_tmpfs_filetrans(httpd_t,httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
+manage_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
+manage_lnk_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
+manage_fifo_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
+manage_sock_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
+fs_tmpfs_filetrans(httpd_t, httpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-manage_files_pattern(httpd_t,httpd_var_lib_t,httpd_var_lib_t)
-files_var_lib_filetrans(httpd_t,httpd_var_lib_t,file)
+manage_files_pattern(httpd_t, httpd_var_lib_t, httpd_var_lib_t)
+files_var_lib_filetrans(httpd_t, httpd_var_lib_t, file)
-manage_files_pattern(httpd_t,httpd_var_run_t,httpd_var_run_t)
-manage_sock_files_pattern(httpd_t,httpd_var_run_t,httpd_var_run_t)
-files_pid_filetrans(httpd_t,httpd_var_run_t, { file sock_file })
+manage_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
+manage_sock_files_pattern(httpd_t, httpd_var_run_t, httpd_var_run_t)
+files_pid_filetrans(httpd_t, httpd_var_run_t, { file sock_file })
-manage_dirs_pattern(httpd_t,squirrelmail_spool_t,squirrelmail_spool_t)
-manage_files_pattern(httpd_t,squirrelmail_spool_t,squirrelmail_spool_t)
-manage_lnk_files_pattern(httpd_t,squirrelmail_spool_t,squirrelmail_spool_t)
+manage_dirs_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
+manage_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
+manage_lnk_files_pattern(httpd_t, squirrelmail_spool_t, squirrelmail_spool_t)
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
@@ -385,9 +385,9 @@ tunable_policy(`httpd_can_network_relay',`
tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
domtrans_pattern(httpd_t, httpdcontent, httpd_sys_script_t)
- manage_dirs_pattern(httpd_t,httpdcontent,httpdcontent)
- manage_files_pattern(httpd_t,httpdcontent,httpdcontent)
- manage_lnk_files_pattern(httpd_t,httpdcontent,httpdcontent)
+ manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
+ manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
+ manage_lnk_files_pattern(httpd_t, httpdcontent, httpdcontent)
')
tunable_policy(`httpd_enable_ftp_server',`
@@ -546,8 +546,8 @@ domtrans_pattern(httpd_t, httpd_php_exec_t, httpd_php_t)
# allow php to read and append to apache logfiles
allow httpd_php_t httpd_log_t:file { read_file_perms append_file_perms };
-manage_dirs_pattern(httpd_php_t,httpd_php_tmp_t,httpd_php_tmp_t)
-manage_files_pattern(httpd_php_t,httpd_php_tmp_t,httpd_php_tmp_t)
+manage_dirs_pattern(httpd_php_t, httpd_php_tmp_t, httpd_php_tmp_t)
+manage_files_pattern(httpd_php_t, httpd_php_tmp_t, httpd_php_tmp_t)
files_tmp_filetrans(httpd_php_t, httpd_php_tmp_t, { file dir })
fs_search_auto_mountpoints(httpd_php_t)
@@ -581,14 +581,14 @@ allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
-create_files_pattern(httpd_suexec_t,httpd_log_t,httpd_log_t)
-append_files_pattern(httpd_suexec_t,httpd_log_t,httpd_log_t)
-read_files_pattern(httpd_suexec_t,httpd_log_t,httpd_log_t)
+create_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
+append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
+read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
allow httpd_suexec_t httpd_t:fifo_file getattr;
-manage_dirs_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
-manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
+manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
+manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
kernel_read_kernel_sysctls(httpd_suexec_t)
@@ -681,8 +681,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search;
allow httpd_sys_script_t httpd_squirrelmail_t:file { append read };
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
-read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-read_lnk_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
+read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
+read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
kernel_read_kernel_sysctls(httpd_sys_script_t)
@@ -728,7 +728,7 @@ optional_policy(`
# httpd_rotatelogs local policy
#
-manage_files_pattern(httpd_rotatelogs_t,httpd_log_t,httpd_log_t)
+manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
kernel_dontaudit_list_proc(httpd_rotatelogs_t)
diff --git a/policy/modules/services/apcupsd.if b/policy/modules/services/apcupsd.if
index 1a3789b..afb568f 100644
--- a/policy/modules/services/apcupsd.if
+++ b/policy/modules/services/apcupsd.if
@@ -15,7 +15,7 @@ interface(`apcupsd_domtrans',`
type apcupsd_t, apcupsd_exec_t;
')
- domtrans_pattern($1,apcupsd_exec_t,apcupsd_t)
+ domtrans_pattern($1, apcupsd_exec_t, apcupsd_t)
')
########################################
@@ -95,5 +95,5 @@ interface(`httpd_apcupsd_cgi_script_domtrans',`
type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
')
- domtrans_pattern($1,httpd_apcupsd_cgi_script_exec_t,httpd_apcupsd_cgi_script_t)
+ domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)
')
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
index fcd32ca..758c460 100644
--- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te
@@ -1,5 +1,5 @@
-policy_module(apcupsd,1.3.0)
+policy_module(apcupsd, 1.3.0)
########################################
#
@@ -37,13 +37,13 @@ allow apcupsd_t apcupsd_lock_t:file manage_file_perms;
files_lock_filetrans(apcupsd_t,apcupsd_lock_t,file)
allow apcupsd_t apcupsd_log_t:dir setattr;
-manage_files_pattern(apcupsd_t,apcupsd_log_t,apcupsd_log_t)
-logging_log_filetrans(apcupsd_t,apcupsd_log_t,{ file dir })
+manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
+logging_log_filetrans(apcupsd_t, apcupsd_log_t, { file dir })
manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
files_tmp_filetrans(apcupsd_t, apcupsd_tmp_t, file)
-manage_files_pattern(apcupsd_t,apcupsd_var_run_t,apcupsd_var_run_t)
+manage_files_pattern(apcupsd_t, apcupsd_var_run_t, apcupsd_var_run_t)
files_pid_filetrans(apcupsd_t,apcupsd_var_run_t, file)
kernel_read_system_state(apcupsd_t)
diff --git a/policy/modules/services/apm.if b/policy/modules/services/apm.if
index 901788f..3e8778e 100644
--- a/policy/modules/services/apm.if
+++ b/policy/modules/services/apm.if
@@ -16,7 +16,7 @@ interface(`apm_domtrans_client',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,apm_exec_t,apm_t)
+ domtrans_pattern($1, apm_exec_t, apm_t)
')
########################################
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index bd00102..b408f87 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -7,11 +7,11 @@ policy_module(apm, 1.7.0)
#
type apmd_t;
type apmd_exec_t;
-init_daemon_domain(apmd_t,apmd_exec_t)
+init_daemon_domain(apmd_t, apmd_exec_t)
type apm_t;
type apm_exec_t;
-application_domain(apm_t,apm_exec_t)
+application_domain(apm_t, apm_exec_t)
role system_r types apm_t;
@@ -73,12 +73,12 @@ allow apmd_t self:unix_stream_socket create_stream_socket_perms;
allow apmd_t apmd_log_t:file manage_file_perms;
logging_log_filetrans(apmd_t,apmd_log_t,file)
-manage_dirs_pattern(apmd_t,apmd_tmp_t,apmd_tmp_t)
-manage_files_pattern(apmd_t,apmd_tmp_t,apmd_tmp_t)
+manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
+manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
-manage_files_pattern(apmd_t,apmd_var_run_t,apmd_var_run_t)
-manage_sock_files_pattern(apmd_t,apmd_var_run_t,apmd_var_run_t)
+manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
+manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(apmd_t)
@@ -168,9 +168,9 @@ ifdef(`distro_redhat',`
')
ifdef(`distro_suse',`
- manage_dirs_pattern(apmd_t,apmd_var_lib_t,apmd_var_lib_t)
- manage_files_pattern(apmd_t,apmd_var_lib_t,apmd_var_lib_t)
- files_var_lib_filetrans(apmd_t,apmd_var_lib_t,file)
+ manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
+ manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
+ files_var_lib_filetrans(apmd_t, apmd_var_lib_t, file)
')
optional_policy(`
diff --git a/policy/modules/services/arpwatch.if b/policy/modules/services/arpwatch.if
index 7f830f9..5757c34 100644
--- a/policy/modules/services/arpwatch.if
+++ b/policy/modules/services/arpwatch.if
@@ -33,7 +33,7 @@ interface(`arpwatch_manage_data_files',`
type arpwatch_data_t;
')
- manage_files_pattern($1,arpwatch_data_t,arpwatch_data_t)
+ manage_files_pattern($1, arpwatch_data_t, arpwatch_data_t)
')
########################################
diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index e4a5532..d697881 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -8,7 +8,7 @@ policy_module(arpwatch, 1.6.0)
type arpwatch_t;
type arpwatch_exec_t;
-init_daemon_domain(arpwatch_t,arpwatch_exec_t)
+init_daemon_domain(arpwatch_t, arpwatch_exec_t)
type arpwatch_data_t;
files_type(arpwatch_data_t)
@@ -32,16 +32,16 @@ allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
allow arpwatch_t self:udp_socket create_socket_perms;
allow arpwatch_t self:packet_socket create_socket_perms;
-manage_dirs_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
-manage_files_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
-manage_lnk_files_pattern(arpwatch_t,arpwatch_data_t,arpwatch_data_t)
+manage_dirs_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
+manage_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
+manage_lnk_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
-manage_dirs_pattern(arpwatch_t,arpwatch_tmp_t,arpwatch_tmp_t)
-manage_files_pattern(arpwatch_t,arpwatch_tmp_t,arpwatch_tmp_t)
+manage_dirs_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
+manage_files_pattern(arpwatch_t, arpwatch_tmp_t, arpwatch_tmp_t)
files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
-manage_files_pattern(arpwatch_t,arpwatch_var_run_t,arpwatch_var_run_t)
-files_pid_filetrans(arpwatch_t,arpwatch_var_run_t,file)
+manage_files_pattern(arpwatch_t, arpwatch_var_run_t, arpwatch_var_run_t)
+files_pid_filetrans(arpwatch_t, arpwatch_var_run_t, file)
kernel_read_kernel_sysctls(arpwatch_t)
kernel_list_proc(arpwatch_t)
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index d202aa1..afa439c 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -8,7 +8,7 @@ policy_module(asterisk, 1.5.0)
type asterisk_t;
type asterisk_exec_t;
-init_daemon_domain(asterisk_t,asterisk_exec_t)
+init_daemon_domain(asterisk_t, asterisk_exec_t)
type asterisk_etc_t;
files_config_file(asterisk_etc_t)
@@ -47,34 +47,34 @@ allow asterisk_t self:tcp_socket create_stream_socket_perms;
allow asterisk_t self:udp_socket create_socket_perms;
allow asterisk_t asterisk_etc_t:dir list_dir_perms;
-read_files_pattern(asterisk_t,asterisk_etc_t,asterisk_etc_t)
-read_lnk_files_pattern(asterisk_t,asterisk_etc_t,asterisk_etc_t)
+read_files_pattern(asterisk_t, asterisk_etc_t, asterisk_etc_t)
+read_lnk_files_pattern(asterisk_t, asterisk_etc_t, asterisk_etc_t)
files_search_etc(asterisk_t)
-manage_files_pattern(asterisk_t,asterisk_log_t,asterisk_log_t)
-logging_log_filetrans(asterisk_t,asterisk_log_t,{ file dir })
+manage_files_pattern(asterisk_t, asterisk_log_t, asterisk_log_t)
+logging_log_filetrans(asterisk_t, asterisk_log_t, { file dir })
-manage_dirs_pattern(asterisk_t,asterisk_spool_t,asterisk_spool_t)
-manage_files_pattern(asterisk_t,asterisk_spool_t,asterisk_spool_t)
-manage_lnk_files_pattern(asterisk_t,asterisk_spool_t,asterisk_spool_t)
+manage_dirs_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
+manage_files_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
+manage_lnk_files_pattern(asterisk_t, asterisk_spool_t, asterisk_spool_t)
-manage_dirs_pattern(asterisk_t,asterisk_tmp_t,asterisk_tmp_t)
-manage_files_pattern(asterisk_t,asterisk_tmp_t,asterisk_tmp_t)
+manage_dirs_pattern(asterisk_t, asterisk_tmp_t, asterisk_tmp_t)
+manage_files_pattern(asterisk_t, asterisk_tmp_t, asterisk_tmp_t)
files_tmp_filetrans(asterisk_t, asterisk_tmp_t, { file dir })
-manage_files_pattern(asterisk_t,asterisk_tmpfs_t,asterisk_tmpfs_t)
-manage_lnk_files_pattern(asterisk_t,asterisk_tmpfs_t,asterisk_tmpfs_t)
-manage_fifo_files_pattern(asterisk_t,asterisk_tmpfs_t,asterisk_tmpfs_t)
-manage_sock_files_pattern(asterisk_t,asterisk_tmpfs_t,asterisk_tmpfs_t)
-fs_tmpfs_filetrans(asterisk_t,asterisk_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
+manage_lnk_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
+manage_fifo_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
+manage_sock_files_pattern(asterisk_t, asterisk_tmpfs_t, asterisk_tmpfs_t)
+fs_tmpfs_filetrans(asterisk_t, asterisk_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-manage_files_pattern(asterisk_t,asterisk_var_lib_t,asterisk_var_lib_t)
-files_var_lib_filetrans(asterisk_t,asterisk_var_lib_t,file)
+manage_files_pattern(asterisk_t, asterisk_var_lib_t, asterisk_var_lib_t)
+files_var_lib_filetrans(asterisk_t, asterisk_var_lib_t, file)
-manage_files_pattern(asterisk_t,asterisk_var_run_t,asterisk_var_run_t)
-manage_fifo_files_pattern(asterisk_t,asterisk_var_run_t,asterisk_var_run_t)
-manage_sock_files_pattern(asterisk_t,asterisk_var_run_t,asterisk_var_run_t)
-files_pid_filetrans(asterisk_t,asterisk_var_run_t,file)
+manage_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
+manage_fifo_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
+manage_sock_files_pattern(asterisk_t, asterisk_var_run_t, asterisk_var_run_t)
+files_pid_filetrans(asterisk_t, asterisk_var_run_t, file)
kernel_read_system_state(asterisk_t)
kernel_read_kernel_sysctls(asterisk_t)
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
index 8786b44..f15f6d7 100644
--- a/policy/modules/services/audioentropy.te
+++ b/policy/modules/services/audioentropy.te
@@ -8,7 +8,7 @@ policy_module(audio_entropy, 1.4.0)
type entropyd_t;
type entropyd_exec_t;
-init_daemon_domain(entropyd_t,entropyd_exec_t)
+init_daemon_domain(entropyd_t, entropyd_exec_t)
type entropyd_var_run_t;
files_pid_file(entropyd_var_run_t)
@@ -22,8 +22,8 @@ allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
dontaudit entropyd_t self:capability sys_tty_config;
allow entropyd_t self:process signal_perms;
-manage_files_pattern(entropyd_t,entropyd_var_run_t,entropyd_var_run_t)
-files_pid_filetrans(entropyd_t,entropyd_var_run_t,file)
+manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
+files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
kernel_read_kernel_sysctls(entropyd_t)
kernel_list_proc(entropyd_t)
diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if
index 6306fbd..fa34bf9 100644
--- a/policy/modules/services/automount.if
+++ b/policy/modules/services/automount.if
@@ -35,7 +35,7 @@ interface(`automount_exec_config',`
')
corecmd_search_bin($1)
- can_exec($1,automount_etc_t)
+ can_exec($1, automount_etc_t)
')
########################################
@@ -53,7 +53,7 @@ interface(`automount_read_state',`
type automount_t;
')
- read_files_pattern($1,automount_t,automount_t)
+ read_files_pattern($1, automount_t, automount_t)
')
########################################
diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te
index 6cd10dc..8241f9f 100644
--- a/policy/modules/services/automount.te
+++ b/policy/modules/services/automount.te
@@ -8,7 +8,7 @@ policy_module(automount, 1.9.0)
type automount_t;
type automount_exec_t;
-init_daemon_domain(automount_t,automount_exec_t)
+init_daemon_domain(automount_t, automount_exec_t)
type automount_var_run_t;
files_pid_file(automount_var_run_t)
@@ -40,19 +40,19 @@ allow automount_t self:netlink_route_socket r_netlink_socket_perms;
can_exec(automount_t, automount_exec_t)
allow automount_t automount_lock_t:file manage_file_perms;
-files_lock_filetrans(automount_t,automount_lock_t,file)
+files_lock_filetrans(automount_t, automount_lock_t, file)
-manage_dirs_pattern(automount_t,automount_tmp_t,automount_tmp_t)
-manage_files_pattern(automount_t,automount_tmp_t,automount_tmp_t)
+manage_dirs_pattern(automount_t, automount_tmp_t, automount_tmp_t)
+manage_files_pattern(automount_t, automount_tmp_t, automount_tmp_t)
files_tmp_filetrans(automount_t, automount_tmp_t, { file dir })
# Allow automount to create and delete directories in / and /home
allow automount_t automount_tmp_t:dir manage_dir_perms;
-files_home_filetrans(automount_t,automount_tmp_t,dir)
-files_root_filetrans(automount_t,automount_tmp_t,dir)
+files_home_filetrans(automount_t, automount_tmp_t, dir)
+files_root_filetrans(automount_t, automount_tmp_t, dir)
-manage_files_pattern(automount_t,automount_var_run_t,automount_var_run_t)
-files_pid_filetrans(automount_t,automount_var_run_t,file)
+manage_files_pattern(automount_t, automount_var_run_t, automount_var_run_t)
+files_pid_filetrans(automount_t, automount_var_run_t, file)
kernel_read_kernel_sysctls(automount_t)
kernel_read_irq_sysctls(automount_t)
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
index 2889825..607c113 100644
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@@ -37,7 +37,7 @@ interface(`avahi_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,avahi_var_run_t,avahi_var_run_t,avahi_t)
+ stream_connect_pattern($1, avahi_var_run_t, avahi_var_run_t, avahi_t)
')
########################################
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index d646690..3869e4f 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -8,7 +8,7 @@ policy_module(avahi, 1.9.0)
type avahi_t;
type avahi_exec_t;
-init_daemon_domain(avahi_t,avahi_exec_t)
+init_daemon_domain(avahi_t, avahi_exec_t)
type avahi_var_run_t;
files_pid_file(avahi_var_run_t)
@@ -27,8 +27,8 @@ allow avahi_t self:unix_dgram_socket create_socket_perms;
allow avahi_t self:tcp_socket create_stream_socket_perms;
allow avahi_t self:udp_socket create_socket_perms;
-manage_files_pattern(avahi_t,avahi_var_run_t,avahi_var_run_t)
-manage_sock_files_pattern(avahi_t,avahi_var_run_t,avahi_var_run_t)
+manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
+manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
allow avahi_t avahi_var_run_t:dir setattr;
files_pid_filetrans(avahi_t,avahi_var_run_t,file)
diff --git a/policy/modules/services/bind.if b/policy/modules/services/bind.if
index f367bd8..e0932ca 100644
--- a/policy/modules/services/bind.if
+++ b/policy/modules/services/bind.if
@@ -15,7 +15,7 @@ interface(`bind_domtrans_ndc',`
type ndc_t, ndc_exec_t;
')
- domtrans_pattern($1,ndc_exec_t,ndc_t)
+ domtrans_pattern($1, ndc_exec_t, ndc_t)
')
########################################
@@ -83,7 +83,7 @@ interface(`bind_domtrans',`
type named_t, named_exec_t;
')
- domtrans_pattern($1,named_exec_t,named_t)
+ domtrans_pattern($1, named_exec_t, named_t)
')
########################################
@@ -101,7 +101,7 @@ interface(`bind_read_dnssec_keys',`
type named_conf_t, named_zone_t, dnssec_t;
')
- read_files_pattern($1,{ named_conf_t named_zone_t },dnssec_t)
+ read_files_pattern($1, { named_conf_t named_zone_t }, dnssec_t)
')
########################################
@@ -119,7 +119,7 @@ interface(`bind_read_config',`
type named_conf_t;
')
- read_files_pattern($1,named_conf_t,named_conf_t)
+ read_files_pattern($1, named_conf_t, named_conf_t)
')
########################################
@@ -137,7 +137,7 @@ interface(`bind_write_config',`
type named_conf_t;
')
- write_files_pattern($1,named_conf_t,named_conf_t)
+ write_files_pattern($1, named_conf_t, named_conf_t)
allow $1 named_conf_t:file setattr;
')
@@ -157,7 +157,7 @@ interface(`bind_manage_config_dirs',`
type named_conf_t;
')
- manage_dirs_pattern($1,named_conf_t,named_conf_t)
+ manage_dirs_pattern($1, named_conf_t, named_conf_t)
')
########################################
@@ -199,8 +199,8 @@ interface(`bind_manage_cache',`
files_search_var($1)
allow $1 named_zone_t:dir search_dir_perms;
- manage_files_pattern($1,named_cache_t,named_cache_t)
- manage_lnk_files_pattern($1,named_cache_t,named_cache_t)
+ manage_files_pattern($1, named_cache_t, named_cache_t)
+ manage_lnk_files_pattern($1, named_cache_t, named_cache_t)
')
########################################
@@ -238,7 +238,7 @@ interface(`bind_read_zone',`
')
files_search_var($1)
- read_files_pattern($1,named_zone_t,named_zone_t)
+ read_files_pattern($1, named_zone_t, named_zone_t)
')
########################################
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 792e916..33e7dae 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -12,7 +12,7 @@ policy_module(bind, 1.7.0)
## Generally this is used for dynamic DNS or zone transfers.
##
##
-gen_tunable(named_write_master_zones,false)
+gen_tunable(named_write_master_zones, false)
# for DNSSEC key files
type dnssec_t;
@@ -20,11 +20,11 @@ files_security_file(dnssec_t)
type named_t;
type named_exec_t;
-init_daemon_domain(named_t,named_exec_t)
+init_daemon_domain(named_t, named_exec_t)
role system_r types named_t;
type named_checkconf_exec_t;
-init_system_domain(named_t,named_checkconf_exec_t)
+init_system_domain(named_t, named_checkconf_exec_t)
# A type for configuration files of named.
type named_conf_t;
@@ -50,7 +50,7 @@ files_type(named_zone_t)
type ndc_t;
type ndc_exec_t;
-init_system_domain(ndc_t,ndc_exec_t)
+init_system_domain(ndc_t, ndc_exec_t)
role system_r types ndc_t;
########################################
@@ -71,30 +71,30 @@ allow named_t dnssec_t:file { getattr read };
# read configuration
allow named_t named_conf_t:dir list_dir_perms;
-read_files_pattern(named_t,named_conf_t,named_conf_t)
-read_lnk_files_pattern(named_t,named_conf_t,named_conf_t)
+read_files_pattern(named_t, named_conf_t, named_conf_t)
+read_lnk_files_pattern(named_t, named_conf_t, named_conf_t)
# write cache for secondary zones
-manage_files_pattern(named_t,named_cache_t,named_cache_t)
-manage_lnk_files_pattern(named_t,named_cache_t,named_cache_t)
+manage_files_pattern(named_t, named_cache_t, named_cache_t)
+manage_lnk_files_pattern(named_t, named_cache_t, named_cache_t)
can_exec(named_t, named_exec_t)
-manage_files_pattern(named_t,named_log_t,named_log_t)
-logging_log_filetrans(named_t,named_log_t,{ file dir })
+manage_files_pattern(named_t, named_log_t, named_log_t)
+logging_log_filetrans(named_t, named_log_t, { file dir })
-manage_dirs_pattern(named_t,named_tmp_t,named_tmp_t)
-manage_files_pattern(named_t,named_tmp_t,named_tmp_t)
+manage_dirs_pattern(named_t, named_tmp_t, named_tmp_t)
+manage_files_pattern(named_t, named_tmp_t, named_tmp_t)
files_tmp_filetrans(named_t, named_tmp_t, { file dir })
-manage_files_pattern(named_t,named_var_run_t,named_var_run_t)
-manage_sock_files_pattern(named_t,named_var_run_t,named_var_run_t)
-files_pid_filetrans(named_t,named_var_run_t,{ file sock_file })
+manage_files_pattern(named_t, named_var_run_t, named_var_run_t)
+manage_sock_files_pattern(named_t, named_var_run_t, named_var_run_t)
+files_pid_filetrans(named_t, named_var_run_t, { file sock_file })
# read zone files
allow named_t named_zone_t:dir list_dir_perms;
-read_files_pattern(named_t,named_zone_t,named_zone_t)
-read_lnk_files_pattern(named_t,named_zone_t,named_zone_t)
+read_files_pattern(named_t, named_zone_t, named_zone_t)
+read_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
kernel_read_kernel_sysctls(named_t)
kernel_read_system_state(named_t)
@@ -151,9 +151,9 @@ userdom_dontaudit_use_unpriv_user_fds(named_t)
sysadm_dontaudit_search_home_dirs(named_t)
tunable_policy(`named_write_master_zones',`
- manage_dirs_pattern(named_t,named_zone_t,named_zone_t)
- manage_files_pattern(named_t,named_zone_t,named_zone_t)
- manage_lnk_files_pattern(named_t,named_zone_t,named_zone_t)
+ manage_dirs_pattern(named_t, named_zone_t, named_zone_t)
+ manage_files_pattern(named_t, named_zone_t,named_zone_t)
+ manage_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
')
optional_policy(`
@@ -161,7 +161,7 @@ optional_policy(`
sysnet_dbus_chat_dhcpc(named_t)
- dbus_system_bus_client_template(named,named_t)
+ dbus_system_bus_client_template(named, named_t)
dbus_connect_system_bus(named_t)
optional_policy(`
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index 9ce5b29..be4719e 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -35,8 +35,7 @@
template(`bluetooth_per_role_template',`
gen_require(`
attribute bluetooth_helper_domain;
- type bluetooth_helper_exec_t;
- type bluetooth_t;
+ type bluetooth_helper_exec_t, bluetooth_t;
')
type $1_bluetooth_t, bluetooth_helper_domain;
@@ -127,7 +126,7 @@ interface(`bluetooth_domtrans',`
type bluetooth_t, bluetooth_exec_t;
')
- domtrans_pattern($1,bluetooth_exec_t,bluetooth_t)
+ domtrans_pattern($1, bluetooth_exec_t, bluetooth_t)
')
########################################
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index 5a32b9f..daa5ae1 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -7,7 +7,7 @@ policy_module(bluetooth, 2.2.0)
#
type bluetooth_t;
type bluetooth_exec_t;
-init_daemon_domain(bluetooth_t,bluetooth_exec_t)
+init_daemon_domain(bluetooth_t, bluetooth_exec_t)
type bluetooth_conf_t;
files_type(bluetooth_conf_t)
@@ -48,30 +48,30 @@ allow bluetooth_t self:unix_stream_socket create_stream_socket_perms;
allow bluetooth_t self:tcp_socket create_stream_socket_perms;
allow bluetooth_t self:udp_socket create_socket_perms;
-read_files_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_t)
+read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
-manage_dirs_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t)
-manage_files_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t)
-manage_lnk_files_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t)
-manage_fifo_files_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t)
-manage_sock_files_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t)
-filetrans_pattern(bluetooth_t,bluetooth_conf_t,bluetooth_conf_rw_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
+manage_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
+manage_lnk_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
+manage_fifo_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
+manage_sock_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t)
+filetrans_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t, { dir file lnk_file sock_file fifo_file })
can_exec(bluetooth_t, bluetooth_helper_exec_t)
allow bluetooth_t bluetooth_lock_t:file manage_file_perms;
files_lock_filetrans(bluetooth_t,bluetooth_lock_t,file)
-manage_dirs_pattern(bluetooth_t,bluetooth_tmp_t,bluetooth_tmp_t)
-manage_files_pattern(bluetooth_t,bluetooth_tmp_t,bluetooth_tmp_t)
+manage_dirs_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
+manage_files_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
files_tmp_filetrans(bluetooth_t, bluetooth_tmp_t, { file dir })
-manage_dirs_pattern(bluetooth_t,bluetooth_var_lib_t,bluetooth_var_lib_t)
-manage_files_pattern(bluetooth_t,bluetooth_var_lib_t,bluetooth_var_lib_t)
-files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t,{ dir file } )
+manage_dirs_pattern(bluetooth_t, bluetooth_var_lib_t, bluetooth_var_lib_t)
+manage_files_pattern(bluetooth_t, bluetooth_var_lib_t, bluetooth_var_lib_t)
+files_var_lib_filetrans(bluetooth_t, bluetooth_var_lib_t, { dir file } )
-manage_files_pattern(bluetooth_t,bluetooth_var_run_t,bluetooth_var_run_t)
-manage_sock_files_pattern(bluetooth_t,bluetooth_var_run_t,bluetooth_var_run_t)
+manage_files_pattern(bluetooth_t, bluetooth_var_run_t, bluetooth_var_run_t)
+manage_sock_files_pattern(bluetooth_t, bluetooth_var_run_t, bluetooth_var_run_t)
files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(bluetooth_t)
@@ -126,7 +126,7 @@ sysadm_dontaudit_use_ptys(bluetooth_t)
sysadm_dontaudit_search_home_dirs(bluetooth_t)
optional_policy(`
- dbus_system_bus_client_template(bluetooth,bluetooth_t)
+ dbus_system_bus_client_template(bluetooth, bluetooth_t)
dbus_connect_system_bus(bluetooth_t)
')
diff --git a/policy/modules/services/canna.if b/policy/modules/services/canna.if
index 5fc24e5..2517e99 100644
--- a/policy/modules/services/canna.if
+++ b/policy/modules/services/canna.if
@@ -16,5 +16,5 @@ interface(`canna_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,canna_var_run_t,canna_var_run_t,canna_t)
+ stream_connect_pattern($1, canna_var_run_t, canna_var_run_t,canna_t)
')
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
index f28b0dd..030d785 100644
--- a/policy/modules/services/canna.te
+++ b/policy/modules/services/canna.te
@@ -8,7 +8,7 @@ policy_module(canna, 1.7.0)
type canna_t;
type canna_exec_t;
-init_daemon_domain(canna_t,canna_exec_t)
+init_daemon_domain(canna_t, canna_exec_t)
type canna_log_t;
logging_log_file(canna_log_t)
@@ -31,17 +31,17 @@ allow canna_t self:unix_stream_socket { connectto create_stream_socket_perms};
allow canna_t self:unix_dgram_socket create_stream_socket_perms;
allow canna_t self:tcp_socket create_stream_socket_perms;
-manage_files_pattern(canna_t,canna_log_t,canna_log_t)
+manage_files_pattern(canna_t, canna_log_t, canna_log_t)
allow canna_t canna_log_t:dir setattr;
-logging_log_filetrans(canna_t,canna_log_t,{ file dir })
+logging_log_filetrans(canna_t, canna_log_t, { file dir })
-manage_dirs_pattern(canna_t,canna_var_lib_t,canna_var_lib_t)
-manage_files_pattern(canna_t,canna_var_lib_t,canna_var_lib_t)
-manage_lnk_files_pattern(canna_t,canna_var_lib_t,canna_var_lib_t)
-files_var_lib_filetrans(canna_t,canna_var_lib_t,file)
+manage_dirs_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
+manage_files_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
+manage_lnk_files_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
+files_var_lib_filetrans(canna_t, canna_var_lib_t, file)
-manage_files_pattern(canna_t,canna_var_run_t,canna_var_run_t)
-manage_sock_files_pattern(canna_t,canna_var_run_t,canna_var_run_t)
+manage_files_pattern(canna_t, canna_var_run_t, canna_var_run_t)
+manage_sock_files_pattern(canna_t, canna_var_run_t, canna_var_run_t)
files_pid_filetrans(canna_t, canna_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(canna_t)
diff --git a/policy/modules/services/ccs.if b/policy/modules/services/ccs.if
index 5259f46..6ee2cc8 100644
--- a/policy/modules/services/ccs.if
+++ b/policy/modules/services/ccs.if
@@ -15,7 +15,7 @@ interface(`ccs_domtrans',`
type ccs_t, ccs_exec_t;
')
- domtrans_pattern($1,ccs_exec_t,ccs_t)
+ domtrans_pattern($1, ccs_exec_t, ccs_t)
')
########################################
@@ -34,7 +34,7 @@ interface(`ccs_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,ccs_var_run_t,ccs_var_run_t,ccs_t)
+ stream_connect_pattern($1, ccs_var_run_t, ccs_var_run_t, ccs_t)
')
########################################
@@ -52,7 +52,7 @@ interface(`ccs_read_config',`
type cluster_conf_t;
')
- read_files_pattern($1,cluster_conf_t,cluster_conf_t)
+ read_files_pattern($1, cluster_conf_t, cluster_conf_t)
')
########################################
@@ -70,6 +70,6 @@ interface(`ccs_manage_config',`
type cluster_conf_t;
')
- manage_dirs_pattern($1,cluster_conf_t,cluster_conf_t)
- manage_files_pattern($1,cluster_conf_t,cluster_conf_t)
+ manage_dirs_pattern($1, cluster_conf_t, cluster_conf_t)
+ manage_files_pattern($1, cluster_conf_t, cluster_conf_t)
')
diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te
index 4bcb9ff..0dbde41 100644
--- a/policy/modules/services/ccs.te
+++ b/policy/modules/services/ccs.te
@@ -1,5 +1,5 @@
-policy_module(ccs,1.3.0)
+policy_module(ccs, 1.3.0)
########################################
#
@@ -47,30 +47,30 @@ allow ccs_t self:udp_socket { create_socket_perms listen recv_msg send_msg };
# cjp: this needs to be fixed to be specific
allow ccs_t self:socket create_socket_perms;
-manage_files_pattern(ccs_t,cluster_conf_t,cluster_conf_t)
+manage_files_pattern(ccs_t, cluster_conf_t, cluster_conf_t)
# tmp file
allow ccs_t ccs_tmp_t:dir manage_dir_perms;
-manage_dirs_pattern(ccs_t,ccs_tmp_t,ccs_tmp_t)
-manage_files_pattern(ccs_t,ccs_tmp_t,ccs_tmp_t)
+manage_dirs_pattern(ccs_t, ccs_tmp_t, ccs_tmp_t)
+manage_files_pattern(ccs_t, ccs_tmp_t, ccs_tmp_t)
files_tmp_filetrans(ccs_t, ccs_tmp_t, { file dir })
# log files
-manage_files_pattern(ccs_t,ccs_var_log_t,ccs_var_log_t)
-manage_sock_files_pattern(ccs_t,ccs_var_log_t,ccs_var_log_t)
+manage_files_pattern(ccs_t, ccs_var_log_t, ccs_var_log_t)
+manage_sock_files_pattern(ccs_t, ccs_var_log_t, ccs_var_log_t)
allow ccs_t ccs_var_log_t:dir setattr;
-logging_log_filetrans(ccs_t,ccs_var_log_t,{ sock_file file dir })
+logging_log_filetrans(ccs_t, ccs_var_log_t, { sock_file file dir })
# var lib files
-manage_dirs_pattern(ccs_t,ccs_var_lib_t,ccs_var_lib_t)
-manage_files_pattern(ccs_t,ccs_var_lib_t,ccs_var_lib_t)
-files_var_lib_filetrans(ccs_t,ccs_var_lib_t,{ file dir })
+manage_dirs_pattern(ccs_t, ccs_var_lib_t, ccs_var_lib_t)
+manage_files_pattern(ccs_t, ccs_var_lib_t, ccs_var_lib_t)
+files_var_lib_filetrans(ccs_t, ccs_var_lib_t, { file dir })
# pid file
-manage_dirs_pattern(ccs_t,ccs_var_run_t,ccs_var_run_t)
-manage_files_pattern(ccs_t,ccs_var_run_t,ccs_var_run_t)
-manage_sock_files_pattern(ccs_t,ccs_var_run_t,ccs_var_run_t)
-files_pid_filetrans(ccs_t,ccs_var_run_t, { dir file sock_file })
+manage_dirs_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
+manage_files_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
+manage_sock_files_pattern(ccs_t, ccs_var_run_t, ccs_var_run_t)
+files_pid_filetrans(ccs_t, ccs_var_run_t, { dir file sock_file })
kernel_read_kernel_sysctls(ccs_t)
diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te
index d54a026..e809543 100644
--- a/policy/modules/services/cipe.te
+++ b/policy/modules/services/cipe.te
@@ -1,5 +1,5 @@
-policy_module(cipe,1.4.0)
+policy_module(cipe, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(cipe,1.4.0)
type ciped_t;
type ciped_exec_t;
-init_daemon_domain(ciped_t,ciped_exec_t)
+init_daemon_domain(ciped_t, ciped_exec_t)
########################################
#
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index c7694b7..e1ab69e 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -15,7 +15,7 @@ interface(`clamav_domtrans',`
type clamd_t, clamd_exec_t;
')
- domtrans_pattern($1,clamd_exec_t,clamd_t)
+ domtrans_pattern($1, clamd_exec_t, clamd_t)
')
########################################
@@ -33,7 +33,7 @@ interface(`clamav_stream_connect',`
type clamd_t, clamd_var_run_t;
')
- stream_connect_pattern($1,clamd_var_run_t,clamd_var_run_t,clamd_t)
+ stream_connect_pattern($1, clamd_var_run_t, clamd_var_run_t, clamd_t)
')
########################################
@@ -89,5 +89,5 @@ interface(`clamav_domtrans_clamscan',`
type clamscan_t, clamscan_exec_t;
')
- domtrans_pattern($1,clamscan_exec_t,clamscan_t)
+ domtrans_pattern($1, clamscan_exec_t, clamscan_t)
')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 30740d1..a73375c 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -1,5 +1,5 @@
-policy_module(clamav,1.6.0)
+policy_module(clamav, 1.6.0)
########################################
#
@@ -61,28 +61,28 @@ allow clamd_t self:tcp_socket { listen accept };
# configuration files
allow clamd_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(clamd_t,clamd_etc_t,clamd_etc_t)
-read_lnk_files_pattern(clamd_t,clamd_etc_t,clamd_etc_t)
+read_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
+read_lnk_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
# tmp files
-manage_dirs_pattern(clamd_t,clamd_tmp_t,clamd_tmp_t)
-manage_files_pattern(clamd_t,clamd_tmp_t,clamd_tmp_t)
-files_tmp_filetrans(clamd_t,clamd_tmp_t,{ file dir })
+manage_dirs_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
+manage_files_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
+files_tmp_filetrans(clamd_t, clamd_tmp_t, { file dir })
# var/lib files for clamd
-manage_dirs_pattern(clamd_t,clamd_var_lib_t,clamd_var_lib_t)
-manage_files_pattern(clamd_t,clamd_var_lib_t,clamd_var_lib_t)
+manage_dirs_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
+manage_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
# log files
-manage_dirs_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
-manage_files_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
-logging_log_filetrans(clamd_t,clamd_var_log_t,{ dir file })
+manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
+manage_files_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
+logging_log_filetrans(clamd_t, clamd_var_log_t, { dir file })
# pid file
-manage_dirs_pattern(clamd_t,clamd_var_log_t,clamd_var_log_t)
-manage_files_pattern(clamd_t,clamd_var_run_t,clamd_var_run_t)
-manage_sock_files_pattern(clamd_t,clamd_var_run_t,clamd_var_run_t)
-files_pid_filetrans(clamd_t,clamd_var_run_t,{ file dir })
+manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
+manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
+manage_sock_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
+files_pid_filetrans(clamd_t, clamd_var_run_t, { file dir })
kernel_dontaudit_list_proc(clamd_t)
kernel_read_sysctl(clamd_t)
@@ -140,23 +140,23 @@ allow freshclam_t self:tcp_socket { listen accept };
# configuration files
allow freshclam_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(freshclam_t,clamd_etc_t,clamd_etc_t)
-read_lnk_files_pattern(freshclam_t,clamd_etc_t,clamd_etc_t)
+read_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
+read_lnk_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
# var/lib files together with clamd
-manage_dirs_pattern(freshclam_t,clamd_var_lib_t,clamd_var_lib_t)
-manage_files_pattern(freshclam_t,clamd_var_lib_t,clamd_var_lib_t)
+manage_dirs_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
+manage_files_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
# pidfiles- var/run together with clamd
-manage_files_pattern(freshclam_t,clamd_var_run_t,clamd_var_run_t)
-manage_sock_files_pattern(freshclam_t,clamd_var_run_t,clamd_var_run_t)
-files_pid_filetrans(freshclam_t,clamd_var_run_t,file)
+manage_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
+manage_sock_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
+files_pid_filetrans(freshclam_t, clamd_var_run_t, file)
# log files (own logfiles only)
-manage_files_pattern(freshclam_t,freshclam_var_log_t,freshclam_var_log_t)
+manage_files_pattern(freshclam_t, freshclam_var_log_t, freshclam_var_log_t)
allow freshclam_t freshclam_var_log_t:dir setattr;
allow freshclam_t clamd_var_log_t:dir search_dir_perms;
-logging_log_filetrans(freshclam_t,freshclam_var_log_t,file)
+logging_log_filetrans(freshclam_t, freshclam_var_log_t, file)
corenet_all_recvfrom_unlabeled(freshclam_t)
corenet_all_recvfrom_netlabel(freshclam_t)
@@ -201,16 +201,16 @@ allow clamscan_t self:tcp_socket { listen accept };
# configuration files
allow clamscan_t clamd_etc_t:dir list_dir_perms;
-read_files_pattern(clamscan_t,clamd_etc_t,clamd_etc_t)
-read_lnk_files_pattern(clamscan_t,clamd_etc_t,clamd_etc_t)
+read_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
+read_lnk_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
# tmp files
-manage_dirs_pattern(clamscan_t,clamscan_tmp_t,clamscan_tmp_t)
-manage_files_pattern(clamscan_t,clamscan_tmp_t,clamscan_tmp_t)
-files_tmp_filetrans(clamscan_t,clamscan_tmp_t,{ file dir })
+manage_dirs_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
+manage_files_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
+files_tmp_filetrans(clamscan_t, clamscan_tmp_t, { file dir })
# var/lib files together with clamd
-manage_files_pattern(clamscan_t,clamd_var_lib_t,clamd_var_lib_t)
+manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
kernel_read_kernel_sysctls(clamscan_t)
diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te
index cad1656..f4ff7b1 100644
--- a/policy/modules/services/clockspeed.te
+++ b/policy/modules/services/clockspeed.te
@@ -1,5 +1,5 @@
-policy_module(clockspeed,1.3.0)
+policy_module(clockspeed, 1.3.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(clockspeed,1.3.0)
type clockspeed_cli_t;
type clockspeed_cli_exec_t;
-application_domain(clockspeed_cli_t,clockspeed_cli_exec_t)
+application_domain(clockspeed_cli_t, clockspeed_cli_exec_t)
type clockspeed_srv_t;
type clockspeed_srv_exec_t;
@@ -25,7 +25,7 @@ files_type(clockspeed_var_lib_t)
allow clockspeed_cli_t self:capability sys_time;
allow clockspeed_cli_t self:udp_socket create_socket_perms;
-read_files_pattern(clockspeed_cli_t,clockspeed_var_lib_t,clockspeed_var_lib_t)
+read_files_pattern(clockspeed_cli_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
corenet_all_recvfrom_unlabeled(clockspeed_cli_t)
corenet_all_recvfrom_netlabel(clockspeed_cli_t)
@@ -52,8 +52,8 @@ allow clockspeed_srv_t self:udp_socket create_socket_perms;
allow clockspeed_srv_t self:unix_dgram_socket create_socket_perms;
allow clockspeed_srv_t self:unix_stream_socket create_socket_perms;
-manage_files_pattern(clockspeed_srv_t,clockspeed_var_lib_t,clockspeed_var_lib_t)
-manage_fifo_files_pattern(clockspeed_srv_t,clockspeed_var_lib_t,clockspeed_var_lib_t)
+manage_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
+manage_fifo_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
corenet_all_recvfrom_unlabeled(clockspeed_srv_t)
corenet_all_recvfrom_netlabel(clockspeed_srv_t)
@@ -73,5 +73,5 @@ libs_use_shared_libs(clockspeed_srv_t)
miscfiles_read_localization(clockspeed_srv_t)
optional_policy(`
- daemontools_service_domain(clockspeed_srv_t,clockspeed_srv_exec_t)
+ daemontools_service_domain(clockspeed_srv_t, clockspeed_srv_exec_t)
')
diff --git a/policy/modules/services/comsat.te b/policy/modules/services/comsat.te
index 77bbe8c..534ec19 100644
--- a/policy/modules/services/comsat.te
+++ b/policy/modules/services/comsat.te
@@ -8,7 +8,7 @@ policy_module(comsat, 1.5.0)
type comsat_t;
type comsat_exec_t;
-inetd_udp_service_domain(comsat_t,comsat_exec_t)
+inetd_udp_service_domain(comsat_t, comsat_exec_t)
role system_r types comsat_t;
type comsat_tmp_t;
@@ -29,12 +29,12 @@ allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow comsat_t self:tcp_socket connected_stream_socket_perms;
allow comsat_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(comsat_t,comsat_tmp_t,comsat_tmp_t)
-manage_files_pattern(comsat_t,comsat_tmp_t,comsat_tmp_t)
+manage_dirs_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
+manage_files_pattern(comsat_t, comsat_tmp_t, comsat_tmp_t)
files_tmp_filetrans(comsat_t, comsat_tmp_t, { file dir })
-manage_files_pattern(comsat_t,comsat_var_run_t,comsat_var_run_t)
-files_pid_filetrans(comsat_t,comsat_var_run_t,file)
+manage_files_pattern(comsat_t, comsat_var_run_t, comsat_var_run_t)
+files_pid_filetrans(comsat_t, comsat_var_run_t, file)
kernel_read_kernel_sysctls(comsat_t)
kernel_read_network_state(comsat_t)
diff --git a/policy/modules/services/consolekit.if b/policy/modules/services/consolekit.if
index 0c123a3..bb4ae1c 100644
--- a/policy/modules/services/consolekit.if
+++ b/policy/modules/services/consolekit.if
@@ -15,7 +15,7 @@ interface(`consolekit_domtrans',`
type consolekit_t, consolekit_exec_t;
')
- domtrans_pattern($1,consolekit_exec_t,consolekit_t)
+ domtrans_pattern($1, consolekit_exec_t, consolekit_t)
')
########################################
diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te
index 70ebdd8..5ab16bf 100644
--- a/policy/modules/services/consolekit.te
+++ b/policy/modules/services/consolekit.te
@@ -1,5 +1,5 @@
-policy_module(consolekit,1.3.0)
+policy_module(consolekit, 1.3.0)
########################################
#
@@ -24,8 +24,8 @@ allow consolekit_t self:fifo_file rw_fifo_file_perms;
allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
allow consolekit_t self:unix_dgram_socket create_socket_perms;
-manage_files_pattern(consolekit_t,consolekit_var_run_t,consolekit_var_run_t)
-files_pid_filetrans(consolekit_t,consolekit_var_run_t, file)
+manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
+files_pid_filetrans(consolekit_t, consolekit_var_run_t, file)
kernel_read_system_state(consolekit_t)
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 354edf6..18ca6f9 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -19,7 +19,7 @@ template(`courier_domain_template',`
type courier_$1_t;
type courier_$1_exec_t;
- init_daemon_domain(courier_$1_t,courier_$1_exec_t)
+ init_daemon_domain(courier_$1_t, courier_$1_exec_t)
##############################
#
@@ -38,9 +38,9 @@ template(`courier_domain_template',`
read_files_pattern(courier_$1_t,courier_etc_t,courier_etc_t)
allow courier_$1_t courier_etc_t:dir list_dir_perms;
- manage_files_pattern(courier_$1_t,courier_var_run_t,courier_var_run_t)
- manage_lnk_files_pattern(courier_$1_t,courier_var_run_t,courier_var_run_t)
- manage_sock_files_pattern(courier_$1_t,courier_var_run_t,courier_var_run_t)
+ manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
+ manage_lnk_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
+ manage_sock_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
files_search_pids(courier_$1_t)
kernel_read_system_state(courier_$1_t)
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 016a6c5..664c227 100644
--- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te
@@ -113,8 +113,8 @@ allow courier_tcpd_t self:capability kill;
can_exec(courier_tcpd_t, courier_exec_t)
-manage_files_pattern(courier_tcpd_t,courier_var_lib_t,courier_var_lib_t)
-manage_lnk_files_pattern(courier_tcpd_t,courier_var_lib_t,courier_var_lib_t)
+manage_files_pattern(courier_tcpd_t, courier_var_lib_t, courier_var_lib_t)
+manage_lnk_files_pattern(courier_tcpd_t, courier_var_lib_t, courier_var_lib_t)
files_search_var_lib(courier_tcpd_t)
corecmd_search_bin(courier_tcpd_t)
@@ -139,5 +139,5 @@ courier_domtrans_pop(courier_tcpd_t)
kernel_read_kernel_sysctls(courier_sqwebmail_t)
optional_policy(`
- cron_system_entry(courier_sqwebmail_t,courier_sqwebmail_exec_t)
+ cron_system_entry(courier_sqwebmail_t, courier_sqwebmail_exec_t)
')
diff --git a/policy/modules/services/cpucontrol.te b/policy/modules/services/cpucontrol.te
index 04f1d9b..bc750a4 100644
--- a/policy/modules/services/cpucontrol.te
+++ b/policy/modules/services/cpucontrol.te
@@ -1,5 +1,5 @@
-policy_module(cpucontrol,1.3.0)
+policy_module(cpucontrol, 1.3.0)
########################################
#
@@ -8,14 +8,14 @@ policy_module(cpucontrol,1.3.0)
type cpucontrol_t;
type cpucontrol_exec_t;
-init_system_domain(cpucontrol_t,cpucontrol_exec_t)
+init_system_domain(cpucontrol_t, cpucontrol_exec_t)
type cpucontrol_conf_t;
files_type(cpucontrol_conf_t)
type cpuspeed_t;
type cpuspeed_exec_t;
-init_system_domain(cpuspeed_t,cpuspeed_exec_t)
+init_system_domain(cpuspeed_t, cpuspeed_exec_t)
type cpuspeed_var_run_t;
files_pid_file(cpuspeed_var_run_t)
@@ -30,8 +30,8 @@ dontaudit cpucontrol_t self:capability sys_tty_config;
allow cpucontrol_t self:process signal_perms;
allow cpucontrol_t cpucontrol_conf_t:dir list_dir_perms;
-read_files_pattern(cpucontrol_t,cpucontrol_conf_t,cpucontrol_conf_t)
-read_lnk_files_pattern(cpucontrol_t,cpucontrol_conf_t,cpucontrol_conf_t)
+read_files_pattern(cpucontrol_t, cpucontrol_conf_t, cpucontrol_conf_t)
+read_lnk_files_pattern(cpucontrol_t, cpucontrol_conf_t, cpucontrol_conf_t)
kernel_list_proc(cpucontrol_t)
kernel_read_proc_symlinks(cpucontrol_t)
@@ -84,7 +84,7 @@ allow cpuspeed_t self:process { signal_perms setsched };
allow cpuspeed_t self:unix_dgram_socket create_socket_perms;
allow cpuspeed_t cpuspeed_var_run_t:file manage_file_perms;
-files_pid_filetrans(cpuspeed_t,cpuspeed_var_run_t,file)
+files_pid_filetrans(cpuspeed_t, cpuspeed_var_run_t, file)
kernel_read_system_state(cpuspeed_t)
kernel_read_kernel_sysctls(cpuspeed_t)
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index 057234f..c01a2fa 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -51,7 +51,7 @@ template(`cron_per_role_template',`
role $3 types $1_crond_t;
type $1_crontab_t;
- application_domain($1_crontab_t,crontab_exec_t)
+ application_domain($1_crontab_t, crontab_exec_t)
role $3 types $1_crontab_t;
type $1_crontab_tmp_t;
@@ -135,18 +135,18 @@ template(`cron_per_role_template',`
miscfiles_read_localization($1_crond_t)
- userdom_manage_user_tmp_files($1,$1_crond_t)
- userdom_manage_user_tmp_symlinks($1,$1_crond_t)
- userdom_manage_user_tmp_pipes($1,$1_crond_t)
- userdom_manage_user_tmp_sockets($1,$1_crond_t)
+ userdom_manage_user_tmp_files($1, $1_crond_t)
+ userdom_manage_user_tmp_symlinks($1, $1_crond_t)
+ userdom_manage_user_tmp_pipes($1, $1_crond_t)
+ userdom_manage_user_tmp_sockets($1, $1_crond_t)
# Run scripts in user home directory and access shared libs.
- userdom_exec_user_home_content_files($1,$1_crond_t)
+ userdom_exec_user_home_content_files($1, $1_crond_t)
# Access user files and dirs.
# userdom_manage_user_home_subdir_dirs($1,$1_crond_t)
- userdom_manage_user_home_content_files($1,$1_crond_t)
- userdom_manage_user_home_content_symlinks($1,$1_crond_t)
- userdom_manage_user_home_content_pipes($1,$1_crond_t)
- userdom_manage_user_home_content_sockets($1,$1_crond_t)
+ userdom_manage_user_home_content_files($1, $1_crond_t)
+ userdom_manage_user_home_content_symlinks($1, $1_crond_t)
+ userdom_manage_user_home_content_pipes($1, $1_crond_t)
+ userdom_manage_user_home_content_sockets($1, $1_crond_t)
# userdom_user_home_dir_filetrans_user_home_content($1,$1_crond_t,notdevfile_class_set)
tunable_policy(`fcron_crond', `
@@ -198,7 +198,7 @@ template(`cron_per_role_template',`
domtrans_pattern($2, crontab_exec_t, $1_crontab_t)
# crontab shows up in user ps
- ps_process_pattern($2,$1_crontab_t)
+ ps_process_pattern($2, $1_crontab_t)
# for ^Z
allow $2 $1_crontab_t:process signal;
@@ -207,11 +207,11 @@ template(`cron_per_role_template',`
allow crond_t $1_cron_spool_t:file manage_file_perms;
allow $1_crontab_t $1_crontab_tmp_t:file manage_file_perms;
- files_tmp_filetrans($1_crontab_t,$1_crontab_tmp_t,file)
+ files_tmp_filetrans($1_crontab_t, $1_crontab_tmp_t, file)
# create files in /var/spool/cron
- manage_files_pattern($1_crontab_t,cron_spool_t,$1_cron_spool_t)
- filetrans_pattern($1_crontab_t,cron_spool_t,$1_cron_spool_t,file)
+ manage_files_pattern($1_crontab_t, cron_spool_t, $1_cron_spool_t)
+ filetrans_pattern($1_crontab_t, cron_spool_t, $1_cron_spool_t,file)
files_search_spool($1_crontab_t)
# crontab signals crond by updating the mtime on the spooldir
@@ -225,8 +225,8 @@ template(`cron_per_role_template',`
fs_getattr_xattr_fs($1_crontab_t)
# Run helper programs as the user domain
- corecmd_bin_domtrans($1_crontab_t,$2)
- corecmd_shell_domtrans($1_crontab_t,$2)
+ corecmd_bin_domtrans($1_crontab_t, $2)
+ corecmd_shell_domtrans($1_crontab_t, $2)
domain_use_interactive_fds($1_crontab_t)
@@ -242,12 +242,12 @@ template(`cron_per_role_template',`
seutil_read_config($1_crontab_t)
- userdom_manage_user_tmp_dirs($1,$1_crontab_t)
- userdom_manage_user_tmp_files($1,$1_crontab_t)
+ userdom_manage_user_tmp_dirs($1, $1_crontab_t)
+ userdom_manage_user_tmp_files($1, $1_crontab_t)
# Access terminals.
- userdom_use_user_terminals($1,$1_crontab_t)
+ userdom_use_user_terminals($1, $1_crontab_t)
# Read user crontabs
- userdom_read_user_home_content_files($1,$1_crontab_t)
+ userdom_read_user_home_content_files($1, $1_crontab_t)
tunable_policy(`fcron_crond',`
# fcron wants an instant update of a crontab change for the administrator
@@ -489,7 +489,7 @@ interface(`cron_anacron_domtrans_system_job',`
type system_crond_t, anacron_exec_t;
')
- domtrans_pattern($1,anacron_exec_t,system_crond_t)
+ domtrans_pattern($1, anacron_exec_t, system_crond_t)
')
########################################
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 3e0f200..2277800 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -1,5 +1,5 @@
-policy_module(cron,1.9.0)
+policy_module(cron, 1.9.0)
gen_require(`
class passwd rootok;
@@ -16,7 +16,7 @@ gen_require(`
## for restoring file contexts.
##
##
-gen_tunable(cron_can_relabel,false)
+gen_tunable(cron_can_relabel, false)
##
##
@@ -24,7 +24,7 @@ gen_tunable(cron_can_relabel,false)
## to support fcron.
##
##
-gen_tunable(fcron_crond,false)
+gen_tunable(fcron_crond, false)
attribute cron_spool_type;
@@ -44,7 +44,7 @@ logging_log_file(cron_log_t)
type crond_t;
type crond_exec_t;
-init_daemon_domain(crond_t,crond_exec_t)
+init_daemon_domain(crond_t, crond_exec_t)
domain_interactive_fd(crond_t)
domain_cron_exemption_source(crond_t)
@@ -61,7 +61,7 @@ type system_cron_spool_t, cron_spool_type;
files_type(system_cron_spool_t)
type system_crond_t;
-init_daemon_domain(system_crond_t,anacron_exec_t)
+init_daemon_domain(system_crond_t, anacron_exec_t)
corecmd_shell_entry_type(system_crond_t)
role system_r types system_crond_t;
@@ -102,9 +102,9 @@ files_pid_filetrans(crond_t,crond_var_run_t,file)
allow crond_t cron_spool_t:dir rw_dir_perms;
allow crond_t cron_spool_t:file read_file_perms;
-manage_dirs_pattern(crond_t,crond_tmp_t,crond_tmp_t)
-manage_files_pattern(crond_t,crond_tmp_t,crond_tmp_t)
-files_tmp_filetrans(crond_t,crond_tmp_t,{ file dir })
+manage_dirs_pattern(crond_t, crond_tmp_t, crond_tmp_t)
+manage_files_pattern(crond_t, crond_tmp_t, crond_tmp_t)
+files_tmp_filetrans(crond_t, crond_tmp_t, { file dir })
allow crond_t system_cron_spool_t:dir list_dir_perms;
allow crond_t system_cron_spool_t:file read_file_perms;
@@ -229,12 +229,12 @@ allow system_crond_t self:passwd rootok;
# This is to handle creation of files in /var/log directory.
# Used currently by rpm script log files
allow system_crond_t cron_log_t:file manage_file_perms;
-logging_log_filetrans(system_crond_t,cron_log_t,file)
+logging_log_filetrans(system_crond_t, cron_log_t, file)
# This is to handle /var/lib/misc directory. Used currently
# by prelink var/lib files for cron
allow system_crond_t cron_var_lib_t:file manage_file_perms;
-files_var_lib_filetrans(system_crond_t,cron_var_lib_t,file)
+files_var_lib_filetrans(system_crond_t, cron_var_lib_t, file)
allow system_crond_t system_cron_spool_t:file read_file_perms;
# The entrypoint interface is not used as this is not
@@ -262,10 +262,10 @@ allow system_crond_t system_crond_lock_t:file manage_file_perms;
files_lock_filetrans(system_crond_t,system_crond_lock_t,file)
# write temporary files
-manage_files_pattern(system_crond_t,crond_tmp_t,system_crond_tmp_t)
-manage_lnk_files_pattern(system_crond_t,crond_tmp_t,system_crond_tmp_t)
-filetrans_pattern(system_crond_t,crond_tmp_t,system_crond_tmp_t,{ file lnk_file })
-files_tmp_filetrans(system_crond_t,system_crond_tmp_t,file)
+manage_files_pattern(system_crond_t, crond_tmp_t, system_crond_tmp_t)
+manage_lnk_files_pattern(system_crond_t,crond_tmp_t, system_crond_tmp_t)
+filetrans_pattern(system_crond_t, crond_tmp_t, system_crond_tmp_t, { file lnk_file })
+files_tmp_filetrans(system_crond_t, system_crond_tmp_t, file)
# Read from /var/spool/cron.
allow system_crond_t cron_spool_t:dir list_dir_perms;
diff --git a/policy/modules/services/cups.if b/policy/modules/services/cups.if
index 00da561..8d6b4af 100644
--- a/policy/modules/services/cups.if
+++ b/policy/modules/services/cups.if
@@ -15,7 +15,7 @@ interface(`cups_domtrans',`
type cupsd_t, cupsd_exec_t;
')
- domtrans_pattern($1,cupsd_exec_t,cupsd_t)
+ domtrans_pattern($1, cupsd_exec_t, cupsd_t)
')
########################################
@@ -34,7 +34,7 @@ interface(`cups_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,cupsd_var_run_t,cupsd_var_run_t,cupsd_t)
+ stream_connect_pattern($1, cupsd_var_run_t, cupsd_var_run_t, cupsd_t)
')
########################################
@@ -106,7 +106,7 @@ interface(`cups_domtrans_config',`
type cupsd_config_t, cupsd_config_exec_t;
')
- domtrans_pattern($1,cupsd_config_exec_t,cupsd_config_t)
+ domtrans_pattern($1, cupsd_config_exec_t, cupsd_config_t)
')
########################################
@@ -166,8 +166,8 @@ interface(`cups_read_config',`
')
files_search_etc($1)
- read_files_pattern($1,cupsd_etc_t,cupsd_etc_t)
- read_files_pattern($1,cupsd_etc_t,cupsd_rw_etc_t)
+ read_files_pattern($1, cupsd_etc_t, cupsd_etc_t)
+ read_files_pattern($1, cupsd_etc_t, cupsd_rw_etc_t)
')
########################################
@@ -187,7 +187,7 @@ interface(`cups_read_rw_config',`
')
files_search_etc($1)
- read_files_pattern($1,cupsd_etc_t,cupsd_rw_etc_t)
+ read_files_pattern($1, cupsd_etc_t, cupsd_rw_etc_t)
')
########################################
@@ -245,5 +245,5 @@ interface(`cups_stream_connect_ptal',`
')
files_search_pids($1)
- stream_connect_pattern($1,ptal_var_run_t,ptal_var_run_t,ptal_t)
+ stream_connect_pattern($1, ptal_var_run_t, ptal_var_run_t, ptal_t)
')
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index f068286..6612fc0 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -8,14 +8,14 @@ policy_module(cups, 1.10.0)
type cupsd_config_t;
type cupsd_config_exec_t;
-init_daemon_domain(cupsd_config_t,cupsd_config_exec_t)
+init_daemon_domain(cupsd_config_t, cupsd_config_exec_t)
type cupsd_config_var_run_t;
files_pid_file(cupsd_config_var_run_t)
type cupsd_t;
type cupsd_exec_t;
-init_daemon_domain(cupsd_t,cupsd_exec_t)
+init_daemon_domain(cupsd_t, cupsd_exec_t)
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -29,7 +29,7 @@ logging_log_file(cupsd_log_t)
type cupsd_lpd_t;
type cupsd_lpd_exec_t;
domain_type(cupsd_lpd_t)
-domain_entry_file(cupsd_lpd_t,cupsd_lpd_exec_t)
+domain_entry_file(cupsd_lpd_t, cupsd_lpd_exec_t)
role system_r types cupsd_lpd_t;
type cupsd_lpd_tmp_t;
@@ -47,7 +47,7 @@ mls_trusted_object(cupsd_var_run_t)
type hplip_t;
type hplip_exec_t;
-init_daemon_domain(hplip_t,hplip_exec_t)
+init_daemon_domain(hplip_t, hplip_exec_t)
type hplip_etc_t;
files_config_file(hplip_etc_t)
@@ -57,7 +57,7 @@ files_pid_file(hplip_var_run_t)
type ptal_t;
type ptal_exec_t;
-init_daemon_domain(ptal_t,ptal_exec_t)
+init_daemon_domain(ptal_t, ptal_exec_t)
type ptal_etc_t;
files_config_file(ptal_etc_t)
@@ -93,39 +93,39 @@ allow cupsd_t self:appletalk_socket create_socket_perms;
allow cupsd_t self:socket create_socket_perms;
allow cupsd_t cupsd_etc_t:{ dir file } setattr;
-read_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
-read_lnk_files_pattern(cupsd_t,cupsd_etc_t,cupsd_etc_t)
+read_files_pattern(cupsd_t, cupsd_etc_t, cupsd_etc_t)
+read_lnk_files_pattern(cupsd_t, cupsd_etc_t, cupsd_etc_t)
files_search_etc(cupsd_t)
-manage_dirs_pattern(cupsd_t,cupsd_etc_t,cupsd_rw_etc_t)
-manage_files_pattern(cupsd_t,cupsd_etc_t,cupsd_rw_etc_t)
-filetrans_pattern(cupsd_t,cupsd_etc_t,cupsd_rw_etc_t,file)
-files_var_filetrans(cupsd_t,cupsd_rw_etc_t,{ dir file })
+manage_dirs_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
+manage_files_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t)
+filetrans_pattern(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t, file)
+files_var_filetrans(cupsd_t, cupsd_rw_etc_t, { dir file })
# allow cups to execute its backend scripts
can_exec(cupsd_t, cupsd_exec_t)
allow cupsd_t cupsd_exec_t:dir search;
allow cupsd_t cupsd_exec_t:lnk_file read;
-manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
+manage_files_pattern(cupsd_t, cupsd_log_t, cupsd_log_t)
allow cupsd_t cupsd_log_t:dir setattr;
-logging_log_filetrans(cupsd_t,cupsd_log_t,{ file dir })
+logging_log_filetrans(cupsd_t, cupsd_log_t, { file dir })
-manage_dirs_pattern(cupsd_t,cupsd_tmp_t,cupsd_tmp_t)
-manage_files_pattern(cupsd_t,cupsd_tmp_t,cupsd_tmp_t)
-manage_fifo_files_pattern(cupsd_t,cupsd_tmp_t,cupsd_tmp_t)
+manage_dirs_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
+manage_files_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
+manage_fifo_files_pattern(cupsd_t, cupsd_tmp_t, cupsd_tmp_t)
files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
allow cupsd_t cupsd_var_run_t:dir setattr;
-manage_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
-manage_sock_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
-files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
+manage_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
+manage_sock_files_pattern(cupsd_t, cupsd_var_run_t, cupsd_var_run_t)
+files_pid_filetrans(cupsd_t, cupsd_var_run_t, file)
-read_files_pattern(cupsd_t,hplip_etc_t,hplip_etc_t)
+read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
allow cupsd_t hplip_var_run_t:file { read getattr };
-stream_connect_pattern(cupsd_t,ptal_var_run_t,ptal_var_run_t,ptal_t)
+stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
allow cupsd_t ptal_var_run_t : sock_file setattr;
kernel_read_system_state(cupsd_t)
@@ -241,7 +241,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(cupsd,cupsd_t)
+ dbus_system_bus_client_template(cupsd, cupsd_t)
userdom_dbus_send_all_users(cupsd_t)
@@ -290,15 +290,15 @@ allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
allow cupsd_config_t self:tcp_socket create_stream_socket_perms;
allow cupsd_config_t cupsd_t:process signal;
-ps_process_pattern(cupsd_config_t,cupsd_t)
+ps_process_pattern(cupsd_config_t, cupsd_t)
-manage_files_pattern(cupsd_config_t,cupsd_etc_t,cupsd_etc_t)
-manage_lnk_files_pattern(cupsd_config_t,cupsd_etc_t,cupsd_etc_t)
-filetrans_pattern(cupsd_config_t,cupsd_etc_t,cupsd_rw_etc_t,file)
+manage_files_pattern(cupsd_config_t, cupsd_etc_t, cupsd_etc_t)
+manage_lnk_files_pattern(cupsd_config_t, cupsd_etc_t, cupsd_etc_t)
+filetrans_pattern(cupsd_config_t, cupsd_etc_t, cupsd_rw_etc_t, file)
-manage_files_pattern(cupsd_config_t,cupsd_rw_etc_t,cupsd_rw_etc_t)
-manage_lnk_files_pattern(cupsd_config_t,cupsd_rw_etc_t,cupsd_rw_etc_t)
-files_var_filetrans(cupsd_config_t,cupsd_rw_etc_t,file)
+manage_files_pattern(cupsd_config_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
+manage_lnk_files_pattern(cupsd_config_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
+files_var_filetrans(cupsd_config_t, cupsd_rw_etc_t, file)
can_exec(cupsd_config_t, cupsd_config_exec_t)
@@ -309,8 +309,8 @@ files_tmp_filetrans(cupsd_config_t, cupsd_tmp_t, { file dir })
allow cupsd_config_t cupsd_var_run_t:file { getattr read };
-manage_files_pattern(cupsd_config_t,cupsd_config_var_run_t,cupsd_config_var_run_t)
-files_pid_filetrans(cupsd_config_t,cupsd_config_var_run_t,file)
+manage_files_pattern(cupsd_config_t, cupsd_config_var_run_t, cupsd_config_var_run_t)
+files_pid_filetrans(cupsd_config_t, cupsd_config_var_run_t, file)
kernel_read_system_state(cupsd_config_t)
kernel_read_kernel_sysctls(cupsd_config_t)
@@ -377,7 +377,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
+ dbus_system_bus_client_template(cupsd_config, cupsd_config_t)
dbus_connect_system_bus(cupsd_config_t)
optional_policy(`
@@ -431,19 +431,19 @@ optional_policy(`
#end for identd
allow cupsd_lpd_t cupsd_etc_t:dir list_dir_perms;
-read_files_pattern(cupsd_lpd_t,cupsd_etc_t,cupsd_etc_t)
-read_lnk_files_pattern(cupsd_lpd_t,cupsd_etc_t,cupsd_etc_t)
+read_files_pattern(cupsd_lpd_t, cupsd_etc_t, cupsd_etc_t)
+read_lnk_files_pattern(cupsd_lpd_t, cupsd_etc_t, cupsd_etc_t)
allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
-read_files_pattern(cupsd_lpd_t,cupsd_rw_etc_t,cupsd_rw_etc_t)
-read_lnk_files_pattern(cupsd_lpd_t,cupsd_rw_etc_t,cupsd_rw_etc_t)
+read_files_pattern(cupsd_lpd_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
+read_lnk_files_pattern(cupsd_lpd_t, cupsd_rw_etc_t, cupsd_rw_etc_t)
-manage_dirs_pattern(cupsd_lpd_t,cupsd_lpd_tmp_t,cupsd_lpd_tmp_t)
-manage_files_pattern(cupsd_lpd_t,cupsd_lpd_tmp_t,cupsd_lpd_tmp_t)
+manage_dirs_pattern(cupsd_lpd_t, cupsd_lpd_tmp_t, cupsd_lpd_tmp_t)
+manage_files_pattern(cupsd_lpd_t, cupsd_lpd_tmp_t, cupsd_lpd_tmp_t)
files_tmp_filetrans(cupsd_lpd_t, cupsd_lpd_tmp_t, { file dir })
-manage_files_pattern(cupsd_lpd_t,cupsd_lpd_var_run_t,cupsd_lpd_var_run_t)
-files_pid_filetrans(cupsd_lpd_t,cupsd_lpd_var_run_t,file)
+manage_files_pattern(cupsd_lpd_t, cupsd_lpd_var_run_t, cupsd_lpd_var_run_t)
+files_pid_filetrans(cupsd_lpd_t, cupsd_lpd_var_run_t, file)
kernel_read_kernel_sysctls(cupsd_lpd_t)
kernel_read_system_state(cupsd_lpd_t)
@@ -480,7 +480,7 @@ miscfiles_read_localization(cupsd_lpd_t)
cups_stream_connect(cupsd_lpd_t)
optional_policy(`
- inetd_service_domain(cupsd_lpd_t,cupsd_lpd_exec_t)
+ inetd_service_domain(cupsd_lpd_t, cupsd_lpd_exec_t)
')
########################################
@@ -505,12 +505,12 @@ allow hplip_t cupsd_etc_t:dir search;
cups_stream_connect(hplip_t)
allow hplip_t hplip_etc_t:dir list_dir_perms;
-read_files_pattern(hplip_t,hplip_etc_t,hplip_etc_t)
-read_lnk_files_pattern(hplip_t,hplip_etc_t,hplip_etc_t)
+read_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
+read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
-manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
-files_pid_filetrans(hplip_t,hplip_var_run_t,file)
+manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
+files_pid_filetrans(hplip_t, hplip_var_run_t, file)
kernel_read_system_state(hplip_t)
kernel_read_kernel_sysctls(hplip_t)
@@ -593,16 +593,16 @@ allow ptal_t self:unix_stream_socket create_stream_socket_perms;
allow ptal_t self:tcp_socket create_stream_socket_perms;
allow ptal_t ptal_etc_t:dir list_dir_perms;
-read_files_pattern(ptal_t,ptal_etc_t,ptal_etc_t)
-read_lnk_files_pattern(ptal_t,ptal_etc_t,ptal_etc_t)
+read_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t)
+read_lnk_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t)
files_search_etc(ptal_t)
-manage_dirs_pattern(ptal_t,ptal_var_run_t,ptal_var_run_t)
-manage_files_pattern(ptal_t,ptal_var_run_t,ptal_var_run_t)
-manage_lnk_files_pattern(ptal_t,ptal_var_run_t,ptal_var_run_t)
-manage_fifo_files_pattern(ptal_t,ptal_var_run_t,ptal_var_run_t)
-manage_sock_files_pattern(ptal_t,ptal_var_run_t,ptal_var_run_t)
-files_pid_filetrans(ptal_t,ptal_var_run_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
+manage_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
+manage_lnk_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
+manage_fifo_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
+manage_sock_files_pattern(ptal_t, ptal_var_run_t, ptal_var_run_t)
+files_pid_filetrans(ptal_t, ptal_var_run_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(ptal_t)
kernel_list_proc(ptal_t)
diff --git a/policy/modules/services/cvs.if b/policy/modules/services/cvs.if
index 5d2de39..a1baa07 100644
--- a/policy/modules/services/cvs.if
+++ b/policy/modules/services/cvs.if
@@ -34,5 +34,5 @@ interface(`cvs_exec',`
type cvs_exec_t;
')
- can_exec($1,cvs_exec_t)
+ can_exec($1, cvs_exec_t)
')
diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
index 2320feb..e20c0b8 100644
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@@ -1,5 +1,5 @@
-policy_module(cvs,1.6.0)
+policy_module(cvs, 1.6.0)
########################################
#
@@ -11,11 +11,11 @@ policy_module(cvs,1.6.0)
## Allow cvs daemon to read shadow
##
##
-gen_tunable(allow_cvs_read_shadow,false)
+gen_tunable(allow_cvs_read_shadow, false)
type cvs_t;
type cvs_exec_t;
-inetd_tcp_service_domain(cvs_t,cvs_exec_t)
+inetd_tcp_service_domain(cvs_t, cvs_exec_t)
application_executable_file(cvs_exec_t)
role system_r types cvs_t;
@@ -40,16 +40,16 @@ allow cvs_t self:tcp_socket connected_stream_socket_perms;
allow cvs_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow cvs_t self:capability { setuid setgid };
-manage_dirs_pattern(cvs_t,cvs_data_t,cvs_data_t)
-manage_files_pattern(cvs_t,cvs_data_t,cvs_data_t)
-manage_lnk_files_pattern(cvs_t,cvs_data_t,cvs_data_t)
+manage_dirs_pattern(cvs_t, cvs_data_t, cvs_data_t)
+manage_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
+manage_lnk_files_pattern(cvs_t, cvs_data_t, cvs_data_t)
-manage_dirs_pattern(cvs_t,cvs_tmp_t,cvs_tmp_t)
-manage_files_pattern(cvs_t,cvs_tmp_t,cvs_tmp_t)
+manage_dirs_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
+manage_files_pattern(cvs_t, cvs_tmp_t, cvs_tmp_t)
files_tmp_filetrans(cvs_t, cvs_tmp_t, { file dir })
-manage_files_pattern(cvs_t,cvs_var_run_t,cvs_var_run_t)
-files_pid_filetrans(cvs_t,cvs_var_run_t,file)
+manage_files_pattern(cvs_t, cvs_var_run_t, cvs_var_run_t)
+files_pid_filetrans(cvs_t, cvs_var_run_t, file)
kernel_read_kernel_sysctls(cvs_t)
kernel_read_system_state(cvs_t)
diff --git a/policy/modules/services/cyrus.if b/policy/modules/services/cyrus.if
index c7e26a8..2d80a28 100644
--- a/policy/modules/services/cyrus.if
+++ b/policy/modules/services/cyrus.if
@@ -17,7 +17,7 @@ interface(`cyrus_manage_data',`
')
files_search_var_lib($1)
- manage_files_pattern($1,cyrus_var_lib_t,cyrus_var_lib_t)
+ manage_files_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t)
')
@@ -37,5 +37,5 @@ interface(`cyrus_stream_connect',`
')
files_search_var_lib($1)
- stream_connect_pattern($1,cyrus_var_lib_t,cyrus_var_lib_t,cyrus_t)
+ stream_connect_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t, cyrus_t)
')
diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te
index 8434319..566944f 100644
--- a/policy/modules/services/cyrus.te
+++ b/policy/modules/services/cyrus.te
@@ -8,7 +8,7 @@ policy_module(cyrus, 1.6.0)
type cyrus_t;
type cyrus_exec_t;
-init_daemon_domain(cyrus_t,cyrus_exec_t)
+init_daemon_domain(cyrus_t, cyrus_exec_t)
type cyrus_tmp_t;
files_tmp_file(cyrus_tmp_t)
@@ -42,19 +42,19 @@ allow cyrus_t self:unix_stream_socket connectto;
allow cyrus_t self:tcp_socket create_stream_socket_perms;
allow cyrus_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(cyrus_t,cyrus_tmp_t,cyrus_tmp_t)
-manage_files_pattern(cyrus_t,cyrus_tmp_t,cyrus_tmp_t)
+manage_dirs_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
+manage_files_pattern(cyrus_t, cyrus_tmp_t, cyrus_tmp_t)
files_tmp_filetrans(cyrus_t, cyrus_tmp_t, { file dir })
-manage_dirs_pattern(cyrus_t,cyrus_var_lib_t,cyrus_var_lib_t)
-manage_files_pattern(cyrus_t,cyrus_var_lib_t,cyrus_var_lib_t)
-manage_lnk_files_pattern(cyrus_t,cyrus_var_lib_t,cyrus_var_lib_t)
-manage_sock_files_pattern(cyrus_t,cyrus_var_lib_t,cyrus_var_lib_t)
-files_pid_filetrans(cyrus_t,cyrus_var_run_t,file)
+manage_dirs_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
+manage_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
+manage_lnk_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
+manage_sock_files_pattern(cyrus_t, cyrus_var_lib_t, cyrus_var_lib_t)
+files_pid_filetrans(cyrus_t, cyrus_var_run_t, file)
-manage_files_pattern(cyrus_t,cyrus_var_run_t,cyrus_var_run_t)
-manage_sock_files_pattern(cyrus_t,cyrus_var_run_t,cyrus_var_run_t)
-files_pid_filetrans(cyrus_t,cyrus_var_run_t,{ file sock_file })
+manage_files_pattern(cyrus_t, cyrus_var_run_t, cyrus_var_run_t)
+manage_sock_files_pattern(cyrus_t, cyrus_var_run_t, cyrus_var_run_t)
+files_pid_filetrans(cyrus_t, cyrus_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(cyrus_t)
kernel_read_system_state(cyrus_t)
@@ -116,7 +116,7 @@ mta_send_mail(cyrus_t)
sysadm_dontaudit_search_home_dirs(cyrus_t)
optional_policy(`
- cron_system_entry(cyrus_t,cyrus_exec_t)
+ cron_system_entry(cyrus_t, cyrus_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te
index 1d8a485..e59c8ac 100644
--- a/policy/modules/services/dante.te
+++ b/policy/modules/services/dante.te
@@ -8,7 +8,7 @@ policy_module(dante, 1.5.0)
type dante_t;
type dante_exec_t;
-init_daemon_domain(dante_t,dante_exec_t)
+init_daemon_domain(dante_t, dante_exec_t)
type dante_conf_t;
files_type(dante_conf_t)
@@ -31,8 +31,8 @@ allow dante_t self:udp_socket create_socket_perms;
allow dante_t dante_conf_t:dir list_dir_perms;
allow dante_t dante_conf_t:file read_file_perms;
-manage_files_pattern(dante_t,dante_var_run_t,dante_var_run_t)
-files_pid_filetrans(dante_t,dante_var_run_t,file)
+manage_files_pattern(dante_t, dante_var_run_t, dante_var_run_t)
+files_pid_filetrans(dante_t, dante_var_run_t, file)
kernel_read_kernel_sysctls(dante_t)
kernel_list_proc(dante_t)
diff --git a/policy/modules/services/dbskk.te b/policy/modules/services/dbskk.te
index d690f5f..81293f8 100644
--- a/policy/modules/services/dbskk.te
+++ b/policy/modules/services/dbskk.te
@@ -1,5 +1,5 @@
-policy_module(dbskk,1.4.0)
+policy_module(dbskk, 1.4.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(dbskk,1.4.0)
type dbskkd_t;
type dbskkd_exec_t;
-inetd_service_domain(dbskkd_t,dbskkd_exec_t)
+inetd_service_domain(dbskkd_t, dbskkd_exec_t)
role system_r types dbskkd_t;
type dbskkd_tmp_t;
@@ -37,12 +37,12 @@ optional_policy(`
')
#end for identd
-manage_dirs_pattern(dbskkd_t,dbskkd_tmp_t,dbskkd_tmp_t)
-manage_files_pattern(dbskkd_t,dbskkd_tmp_t,dbskkd_tmp_t)
+manage_dirs_pattern(dbskkd_t, dbskkd_tmp_t, dbskkd_tmp_t)
+manage_files_pattern(dbskkd_t, dbskkd_tmp_t, dbskkd_tmp_t)
files_tmp_filetrans(dbskkd_t, dbskkd_tmp_t, { file dir })
-manage_files_pattern(dbskkd_t,dbskkd_var_run_t,dbskkd_var_run_t)
-files_pid_filetrans(dbskkd_t,dbskkd_var_run_t,file)
+manage_files_pattern(dbskkd_t, dbskkd_var_run_t, dbskkd_var_run_t)
+files_pid_filetrans(dbskkd_t, dbskkd_var_run_t, file)
kernel_read_kernel_sysctls(dbskkd_t)
kernel_read_system_state(dbskkd_t)
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 1436615..3569877 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -61,7 +61,7 @@ template(`dbus_per_role_template',`
#
type $1_dbusd_t;
domain_type($1_dbusd_t)
- domain_entry_file($1_dbusd_t,system_dbusd_exec_t)
+ domain_entry_file($1_dbusd_t, system_dbusd_exec_t)
role $3 types $1_dbusd_t;
type $1_dbusd_$1_t;
@@ -94,11 +94,11 @@ template(`dbus_per_role_template',`
allow $1_t system_dbusd_t:dbus { send_msg acquire_svc };
allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
- read_files_pattern($1_dbusd_t,dbusd_etc_t,dbusd_etc_t)
- read_lnk_files_pattern($1_dbusd_t,dbusd_etc_t,dbusd_etc_t)
+ read_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
+ read_lnk_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
- manage_dirs_pattern($1_dbusd_t,$1_dbusd_tmp_t,$1_dbusd_tmp_t)
- manage_files_pattern($1_dbusd_t,$1_dbusd_tmp_t,$1_dbusd_tmp_t)
+ manage_dirs_pattern($1_dbusd_t, $1_dbusd_tmp_t, $1_dbusd_tmp_t)
+ manage_files_pattern($1_dbusd_t, $1_dbusd_tmp_t, $1_dbusd_tmp_t)
files_tmp_filetrans($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
domtrans_pattern($2, system_dbusd_exec_t, $1_dbusd_t)
@@ -221,7 +221,7 @@ template(`dbus_system_bus_client_template',`
# For connecting to the bus
files_search_pids($2)
- stream_connect_pattern($2,system_dbusd_var_run_t,system_dbusd_var_run_t,system_dbusd_t)
+ stream_connect_pattern($2, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
dbus_read_config($2)
')
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index d373d52..2e8dc2e 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -15,7 +15,7 @@ files_type(dbusd_etc_t)
type system_dbusd_t alias dbusd_t;
type system_dbusd_exec_t;
-init_system_domain(system_dbusd_t,system_dbusd_exec_t)
+init_system_domain(system_dbusd_t, system_dbusd_exec_t)
type system_dbusd_tmp_t;
files_tmp_file(system_dbusd_tmp_t)
@@ -44,18 +44,18 @@ allow system_dbusd_t self:unix_dgram_socket create_socket_perms;
allow system_dbusd_t self:netlink_selinux_socket { create bind read };
allow system_dbusd_t dbusd_etc_t:dir list_dir_perms;
-read_files_pattern(system_dbusd_t,dbusd_etc_t,dbusd_etc_t)
-read_lnk_files_pattern(system_dbusd_t,dbusd_etc_t,dbusd_etc_t)
+read_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
+read_lnk_files_pattern(system_dbusd_t, dbusd_etc_t, dbusd_etc_t)
-manage_dirs_pattern(system_dbusd_t,system_dbusd_tmp_t,system_dbusd_tmp_t)
-manage_files_pattern(system_dbusd_t,system_dbusd_tmp_t,system_dbusd_tmp_t)
+manage_dirs_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
+manage_files_pattern(system_dbusd_t, system_dbusd_tmp_t, system_dbusd_tmp_t)
files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
read_files_pattern(system_dbusd_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
-manage_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t)
-manage_sock_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t)
-files_pid_filetrans(system_dbusd_t,system_dbusd_var_run_t,file)
+manage_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
+manage_sock_files_pattern(system_dbusd_t, system_dbusd_var_run_t, system_dbusd_var_run_t)
+files_pid_filetrans(system_dbusd_t, system_dbusd_var_run_t, file)
kernel_read_system_state(system_dbusd_t)
kernel_read_kernel_sysctls(system_dbusd_t)
diff --git a/policy/modules/services/dcc.if b/policy/modules/services/dcc.if
index 1717921..320c670 100644
--- a/policy/modules/services/dcc.if
+++ b/policy/modules/services/dcc.if
@@ -16,7 +16,7 @@ interface(`dcc_domtrans_cdcc',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,cdcc_exec_t,cdcc_t)
+ domtrans_pattern($1, cdcc_exec_t, cdcc_t)
')
########################################
@@ -67,7 +67,7 @@ interface(`dcc_domtrans_client',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,dcc_client_exec_t,dcc_client_t)
+ domtrans_pattern($1, dcc_client_exec_t, dcc_client_t)
')
########################################
@@ -118,7 +118,7 @@ interface(`dcc_domtrans_dbclean',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,dcc_dbclean_exec_t,dcc_dbclean_t)
+ domtrans_pattern($1, dcc_dbclean_exec_t, dcc_dbclean_t)
')
########################################
@@ -169,5 +169,5 @@ interface(`dcc_stream_connect_dccifd',`
')
files_search_var($1)
- stream_connect_pattern($1,dcc_var_t,dccifd_var_run_t,dccifd_t)
+ stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
')
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index d19a070..6d7a82b 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -8,7 +8,7 @@ policy_module(dcc, 1.6.0)
type cdcc_t;
type cdcc_exec_t;
-application_domain(cdcc_t,cdcc_exec_t)
+application_domain(cdcc_t, cdcc_exec_t)
role system_r types cdcc_t;
type cdcc_tmp_t;
@@ -16,7 +16,7 @@ files_tmp_file(cdcc_tmp_t)
type dcc_client_t;
type dcc_client_exec_t;
-application_domain(dcc_client_t,dcc_client_exec_t)
+application_domain(dcc_client_t, dcc_client_exec_t)
role system_r types dcc_client_t;
type dcc_client_map_t;
@@ -27,7 +27,7 @@ files_tmp_file(dcc_client_tmp_t)
type dcc_dbclean_t;
type dcc_dbclean_exec_t;
-application_domain(dcc_dbclean_t,dcc_dbclean_exec_t)
+application_domain(dcc_dbclean_t, dcc_dbclean_exec_t)
role system_r types dcc_dbclean_t;
type dcc_dbclean_tmp_t;
@@ -41,7 +41,7 @@ files_type(dcc_var_run_t)
type dccd_t;
type dccd_exec_t;
-init_daemon_domain(dccd_t,dccd_exec_t)
+init_daemon_domain(dccd_t, dccd_exec_t)
type dccd_tmp_t;
files_tmp_file(dccd_tmp_t)
@@ -51,7 +51,7 @@ files_pid_file(dccd_var_run_t)
type dccifd_t;
type dccifd_exec_t;
-init_daemon_domain(dccifd_t,dccifd_exec_t)
+init_daemon_domain(dccifd_t, dccifd_exec_t)
type dccifd_tmp_t;
files_tmp_file(dccifd_tmp_t)
@@ -61,7 +61,7 @@ files_pid_file(dccifd_var_run_t)
type dccm_t;
type dccm_exec_t;
-init_daemon_domain(dccm_t,dccm_exec_t)
+init_daemon_domain(dccm_t, dccm_exec_t)
type dccm_tmp_t;
files_tmp_file(dccm_tmp_t)
@@ -85,16 +85,16 @@ allow cdcc_t self:capability setuid;
allow cdcc_t self:unix_dgram_socket create_socket_perms;
allow cdcc_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(cdcc_t,cdcc_tmp_t,cdcc_tmp_t)
-manage_files_pattern(cdcc_t,cdcc_tmp_t,cdcc_tmp_t)
+manage_dirs_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
+manage_files_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
files_tmp_filetrans(cdcc_t, cdcc_tmp_t, { file dir })
allow cdcc_t dcc_client_map_t:file rw_file_perms;
# Access files in /var/dcc. The map file can be updated
allow cdcc_t dcc_var_t:dir list_dir_perms;
-read_files_pattern(cdcc_t,dcc_var_t,dcc_var_t)
-read_lnk_files_pattern(cdcc_t,dcc_var_t,dcc_var_t)
+read_files_pattern(cdcc_t, dcc_var_t, dcc_var_t)
+read_lnk_files_pattern(cdcc_t, dcc_var_t, dcc_var_t)
corenet_all_recvfrom_unlabeled(cdcc_t)
corenet_all_recvfrom_netlabel(cdcc_t)
@@ -130,14 +130,14 @@ allow dcc_client_t self:udp_socket create_socket_perms;
allow dcc_client_t dcc_client_map_t:file rw_file_perms;
-manage_dirs_pattern(dcc_client_t,dcc_client_tmp_t,dcc_client_tmp_t)
-manage_files_pattern(dcc_client_t,dcc_client_tmp_t,dcc_client_tmp_t)
+manage_dirs_pattern(dcc_client_t, dcc_client_tmp_t, dcc_client_tmp_t)
+manage_files_pattern(dcc_client_t, dcc_client_tmp_t, dcc_client_tmp_t)
files_tmp_filetrans(dcc_client_t, dcc_client_tmp_t, { file dir })
# Access files in /var/dcc. The map file can be updated
allow dcc_client_t dcc_var_t:dir list_dir_perms;
-read_files_pattern(dcc_client_t,dcc_var_t,dcc_var_t)
-read_lnk_files_pattern(dcc_client_t,dcc_var_t,dcc_var_t)
+read_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
+read_lnk_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
corenet_all_recvfrom_unlabeled(dcc_client_t)
corenet_all_recvfrom_netlabel(dcc_client_t)
@@ -172,13 +172,13 @@ allow dcc_dbclean_t self:udp_socket create_socket_perms;
allow dcc_dbclean_t dcc_client_map_t:file rw_file_perms;
-manage_dirs_pattern(dcc_dbclean_t,dcc_dbclean_tmp_t,dcc_dbclean_tmp_t)
-manage_files_pattern(dcc_dbclean_t,dcc_dbclean_tmp_t,dcc_dbclean_tmp_t)
+manage_dirs_pattern(dcc_dbclean_t, dcc_dbclean_tmp_t, dcc_dbclean_tmp_t)
+manage_files_pattern(dcc_dbclean_t, dcc_dbclean_tmp_t, dcc_dbclean_tmp_t)
files_tmp_filetrans(dcc_dbclean_t, dcc_dbclean_tmp_t, { file dir })
-manage_dirs_pattern(dcc_dbclean_t,dcc_var_t,dcc_var_t)
-manage_files_pattern(dcc_dbclean_t,dcc_var_t,dcc_var_t)
-manage_lnk_files_pattern(dcc_dbclean_t,dcc_var_t,dcc_var_t)
+manage_dirs_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
+manage_files_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
+manage_lnk_files_pattern(dcc_dbclean_t, dcc_var_t, dcc_var_t)
kernel_read_system_state(dcc_dbclean_t)
@@ -221,24 +221,24 @@ allow dccd_t dcc_client_map_t:file rw_file_perms;
# Access files in /var/dcc. The map file can be updated
allow dccd_t dcc_var_t:dir list_dir_perms;
-read_files_pattern(dccd_t,dcc_var_t,dcc_var_t)
-read_lnk_files_pattern(dccd_t,dcc_var_t,dcc_var_t)
+read_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
+read_lnk_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
# Runs the dbclean program
domtrans_pattern(dccd_t, dcc_dbclean_exec_t, dcc_dbclean_t)
corecmd_search_bin(dccd_t)
# Updating dcc_db, flod, ...
-manage_dirs_pattern(dccd_t,dcc_var_t,dcc_var_t)
-manage_files_pattern(dccd_t,dcc_var_t,dcc_var_t)
-manage_lnk_files_pattern(dccd_t,dcc_var_t,dcc_var_t)
+manage_dirs_pattern(dccd_t, dcc_var_t, dcc_var_t)
+manage_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
+manage_lnk_files_pattern(dccd_t, dcc_var_t, dcc_var_t)
-manage_dirs_pattern(dccd_t,dccd_tmp_t,dccd_tmp_t)
-manage_files_pattern(dccd_t,dccd_tmp_t,dccd_tmp_t)
+manage_dirs_pattern(dccd_t, dccd_tmp_t, dccd_tmp_t)
+manage_files_pattern(dccd_t, dccd_tmp_t, dccd_tmp_t)
files_tmp_filetrans(dccd_t, dccd_tmp_t, { file dir })
-manage_files_pattern(dccd_t,dccd_var_run_t,dccd_var_run_t)
-files_pid_filetrans(dccd_t,dccd_var_run_t,file)
+manage_files_pattern(dccd_t, dccd_var_run_t, dccd_var_run_t)
+files_pid_filetrans(dccd_t, dccd_var_run_t, file)
kernel_read_system_state(dccd_t)
kernel_read_kernel_sysctls(dccd_t)
@@ -302,20 +302,20 @@ allow dccifd_t self:udp_socket create_socket_perms;
allow dccifd_t dcc_client_map_t:file rw_file_perms;
# Updating dcc_db, flod, ...
-manage_dirs_pattern(dccifd_t,dcc_var_t,dcc_var_t)
-manage_files_pattern(dccifd_t,dcc_var_t,dcc_var_t)
-manage_lnk_files_pattern(dccifd_t,dcc_var_t,dcc_var_t)
-manage_fifo_files_pattern(dccifd_t,dcc_var_t,dcc_var_t)
-manage_sock_files_pattern(dccifd_t,dcc_var_t,dcc_var_t)
-
-manage_dirs_pattern(dccifd_t,dccifd_tmp_t,dccifd_tmp_t)
-manage_files_pattern(dccifd_t,dccifd_tmp_t,dccifd_tmp_t)
+manage_dirs_pattern(dccifd_t, dcc_var_t, dcc_var_t)
+manage_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
+manage_lnk_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
+manage_fifo_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
+manage_sock_files_pattern(dccifd_t, dcc_var_t, dcc_var_t)
+
+manage_dirs_pattern(dccifd_t, dccifd_tmp_t, dccifd_tmp_t)
+manage_files_pattern(dccifd_t, dccifd_tmp_t, dccifd_tmp_t)
files_tmp_filetrans(dccifd_t, dccifd_tmp_t, { file dir })
-manage_files_pattern(dccifd_t,dccifd_var_run_t,dccifd_var_run_t)
-manage_sock_files_pattern(dccifd_t,dccifd_var_run_t,dccifd_var_run_t)
-filetrans_pattern(dccifd_t,dcc_var_t,dccifd_var_run_t,{ file sock_file })
-files_pid_filetrans(dccifd_t,dccifd_var_run_t,file)
+manage_files_pattern(dccifd_t, dccifd_var_run_t, dccifd_var_run_t)
+manage_sock_files_pattern(dccifd_t, dccifd_var_run_t, dccifd_var_run_t)
+filetrans_pattern(dccifd_t, dcc_var_t, dccifd_var_run_t, { file sock_file })
+files_pid_filetrans(dccifd_t, dccifd_var_run_t, file)
kernel_read_system_state(dccifd_t)
kernel_read_kernel_sysctls(dccifd_t)
@@ -375,20 +375,20 @@ allow dccm_t self:udp_socket create_socket_perms;
allow dccm_t dcc_client_map_t:file rw_file_perms;
-manage_dirs_pattern(dccm_t,dcc_var_t,dcc_var_t)
-manage_files_pattern(dccm_t,dcc_var_t,dcc_var_t)
-manage_lnk_files_pattern(dccm_t,dcc_var_t,dcc_var_t)
-manage_fifo_files_pattern(dccm_t,dcc_var_t,dcc_var_t)
-manage_sock_files_pattern(dccm_t,dcc_var_t,dcc_var_t)
+manage_dirs_pattern(dccm_t, dcc_var_t, dcc_var_t)
+manage_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
+manage_lnk_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
+manage_fifo_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
+manage_sock_files_pattern(dccm_t, dcc_var_t, dcc_var_t)
-manage_dirs_pattern(dccm_t,dccm_tmp_t,dccm_tmp_t)
-manage_files_pattern(dccm_t,dccm_tmp_t,dccm_tmp_t)
+manage_dirs_pattern(dccm_t, dccm_tmp_t, dccm_tmp_t)
+manage_files_pattern(dccm_t, dccm_tmp_t, dccm_tmp_t)
files_tmp_filetrans(dccm_t, dccm_tmp_t, { file dir })
-manage_files_pattern(dccm_t,dccm_var_run_t,dccm_var_run_t)
-manage_sock_files_pattern(dccm_t,dccm_var_run_t,dccm_var_run_t)
-filetrans_pattern(dccm_t,dcc_var_run_t,dccm_var_run_t,{ file sock_file })
-files_pid_filetrans(dccm_t,dccm_var_run_t,file)
+manage_files_pattern(dccm_t, dccm_var_run_t, dccm_var_run_t)
+manage_sock_files_pattern(dccm_t, dccm_var_run_t, dccm_var_run_t)
+filetrans_pattern(dccm_t, dcc_var_run_t, dccm_var_run_t, { file sock_file })
+files_pid_filetrans(dccm_t, dccm_var_run_t, file)
kernel_read_system_state(dccm_t)
kernel_read_kernel_sysctls(dccm_t)
diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te
index 9e41e97..fc73399 100644
--- a/policy/modules/services/ddclient.te
+++ b/policy/modules/services/ddclient.te
@@ -8,7 +8,7 @@ policy_module(ddclient, 1.5.0)
type ddclient_t;
type ddclient_exec_t;
-init_daemon_domain(ddclient_t,ddclient_exec_t)
+init_daemon_domain(ddclient_t, ddclient_exec_t)
type ddclient_etc_t;
files_type(ddclient_etc_t)
@@ -41,18 +41,18 @@ allow ddclient_t ddclient_etc_t:file read_file_perms;
allow ddclient_t ddclient_log_t:file manage_file_perms;
logging_log_filetrans(ddclient_t,ddclient_log_t,file)
-manage_dirs_pattern(ddclient_t,ddclient_var_t,ddclient_var_t)
-manage_files_pattern(ddclient_t,ddclient_var_t,ddclient_var_t)
-manage_lnk_files_pattern(ddclient_t,ddclient_var_t,ddclient_var_t)
-manage_fifo_files_pattern(ddclient_t,ddclient_var_t,ddclient_var_t)
-manage_sock_files_pattern(ddclient_t,ddclient_var_t,ddclient_var_t)
-files_var_filetrans(ddclient_t,ddclient_var_t,{ file lnk_file sock_file fifo_file })
+manage_dirs_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
+manage_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
+manage_lnk_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
+manage_fifo_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
+manage_sock_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
+files_var_filetrans(ddclient_t, ddclient_var_t, { file lnk_file sock_file fifo_file })
-manage_files_pattern(ddclient_t,ddclient_var_lib_t,ddclient_var_lib_t)
-files_var_lib_filetrans(ddclient_t,ddclient_var_lib_t,file)
+manage_files_pattern(ddclient_t, ddclient_var_lib_t, ddclient_var_lib_t)
+files_var_lib_filetrans(ddclient_t, ddclient_var_lib_t, file)
-manage_files_pattern(ddclient_t,ddclient_var_run_t,ddclient_var_run_t)
-files_pid_filetrans(ddclient_t,ddclient_var_run_t,file)
+manage_files_pattern(ddclient_t, ddclient_var_run_t, ddclient_var_run_t)
+files_pid_filetrans(ddclient_t, ddclient_var_run_t, file)
kernel_read_system_state(ddclient_t)
kernel_read_network_state(ddclient_t)
diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
index b0fab76..d8b0e5a 100644
--- a/policy/modules/services/dhcp.te
+++ b/policy/modules/services/dhcp.te
@@ -8,7 +8,7 @@ policy_module(dhcp, 1.6.0)
type dhcpd_t;
type dhcpd_exec_t;
-init_daemon_domain(dhcpd_t,dhcpd_exec_t)
+init_daemon_domain(dhcpd_t, dhcpd_exec_t)
type dhcpd_state_t;
files_type(dhcpd_state_t)
@@ -37,17 +37,17 @@ allow dhcpd_t self:udp_socket create_socket_perms;
allow dhcpd_t self:packet_socket create_socket_perms;
allow dhcpd_t self:rawip_socket create_socket_perms;
-can_exec(dhcpd_t,dhcpd_exec_t)
+can_exec(dhcpd_t, dhcpd_exec_t)
-manage_files_pattern(dhcpd_t,dhcpd_state_t,dhcpd_state_t)
-sysnet_dhcp_state_filetrans(dhcpd_t,dhcpd_state_t,file)
+manage_files_pattern(dhcpd_t, dhcpd_state_t, dhcpd_state_t)
+sysnet_dhcp_state_filetrans(dhcpd_t, dhcpd_state_t, file)
-manage_dirs_pattern(dhcpd_t,dhcpd_tmp_t,dhcpd_tmp_t)
-manage_files_pattern(dhcpd_t,dhcpd_tmp_t,dhcpd_tmp_t)
+manage_dirs_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t)
+manage_files_pattern(dhcpd_t, dhcpd_tmp_t, dhcpd_tmp_t)
files_tmp_filetrans(dhcpd_t, dhcpd_tmp_t, { file dir })
-manage_files_pattern(dhcpd_t,dhcpd_var_run_t,dhcpd_var_run_t)
-files_pid_filetrans(dhcpd_t,dhcpd_var_run_t,file)
+manage_files_pattern(dhcpd_t, dhcpd_var_run_t, dhcpd_var_run_t)
+files_pid_filetrans(dhcpd_t, dhcpd_var_run_t, file)
kernel_read_system_state(dhcpd_t)
kernel_read_kernel_sysctls(dhcpd_t)
@@ -112,7 +112,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(dhcpd,dhcpd_t)
+ dbus_system_bus_client_template(dhcpd, dhcpd_t)
dbus_connect_system_bus(dhcpd_t)
')
diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te
index e34156f..b9e3ca2 100644
--- a/policy/modules/services/dictd.te
+++ b/policy/modules/services/dictd.te
@@ -1,5 +1,5 @@
-policy_module(dictd,1.5.0)
+policy_module(dictd, 1.5.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(dictd,1.5.0)
type dictd_t;
type dictd_exec_t;
-init_daemon_domain(dictd_t,dictd_exec_t)
+init_daemon_domain(dictd_t, dictd_exec_t)
type dictd_etc_t;
files_config_file(dictd_etc_t)
diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te
index d99e5d0..610d083 100644
--- a/policy/modules/services/distcc.te
+++ b/policy/modules/services/distcc.te
@@ -8,7 +8,7 @@ policy_module(distcc, 1.6.0)
type distccd_t;
type distccd_exec_t;
-init_daemon_domain(distccd_t,distccd_exec_t)
+init_daemon_domain(distccd_t, distccd_exec_t)
type distccd_log_t;
logging_log_file(distccd_log_t)
@@ -33,14 +33,14 @@ allow distccd_t self:tcp_socket create_stream_socket_perms;
allow distccd_t self:udp_socket create_socket_perms;
allow distccd_t distccd_log_t:file manage_file_perms;
-logging_log_filetrans(distccd_t,distccd_log_t,file)
+logging_log_filetrans(distccd_t, distccd_log_t, file)
-manage_dirs_pattern(distccd_t,distccd_tmp_t,distccd_tmp_t)
-manage_files_pattern(distccd_t,distccd_tmp_t,distccd_tmp_t)
+manage_dirs_pattern(distccd_t, distccd_tmp_t, distccd_tmp_t)
+manage_files_pattern(distccd_t, distccd_tmp_t, distccd_tmp_t)
files_tmp_filetrans(distccd_t, distccd_tmp_t, { file dir })
-manage_files_pattern(distccd_t,distccd_var_run_t,distccd_var_run_t)
-files_pid_filetrans(distccd_t,distccd_var_run_t,file)
+manage_files_pattern(distccd_t, distccd_var_run_t, distccd_var_run_t)
+files_pid_filetrans(distccd_t, distccd_var_run_t, file)
kernel_read_system_state(distccd_t)
kernel_read_kernel_sysctls(distccd_t)
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
index 7dd7b83..ca7d45f 100644
--- a/policy/modules/services/djbdns.if
+++ b/policy/modules/services/djbdns.if
@@ -19,7 +19,7 @@ template(`djbdns_daemontools_domain_template',`
files_config_file(djbdns_$1_conf_t)
domain_type(djbdns_$1_t)
- domain_entry_file(djbdns_$1_t,djbdns_$1_exec_t)
+ domain_entry_file(djbdns_$1_t, djbdns_$1_exec_t)
role system_r types djbdns_$1_t;
daemontools_service_domain(djbdns_$1_t, djbdns_$1_exec_t)
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
index 51c3f8d..4fce93a 100644
--- a/policy/modules/services/djbdns.te
+++ b/policy/modules/services/djbdns.te
@@ -1,5 +1,5 @@
-policy_module(djbdns,1.2.0)
+policy_module(djbdns, 1.2.0)
########################################
#
@@ -10,7 +10,7 @@ type djbdns_axfrdns_t;
type djbdns_axfrdns_exec_t;
type djbdns_axfrdns_conf_t;
domain_type(djbdns_axfrdns_t)
-domain_entry_file(djbdns_axfrdns_t,djbdns_axfrdns_exec_t)
+domain_entry_file(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
role system_r types djbdns_axfrdns_t;
files_config_file(djbdns_axfrdns_conf_t)
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 75eeb76..ed88fff 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -8,7 +8,7 @@ policy_module(dnsmasq, 1.6.0)
type dnsmasq_t;
type dnsmasq_exec_t;
-init_daemon_domain(dnsmasq_t,dnsmasq_exec_t)
+init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
type dnsmasq_lease_t;
files_type(dnsmasq_lease_t)
@@ -35,8 +35,8 @@ allow dnsmasq_t self:rawip_socket create_socket_perms;
allow dnsmasq_t dnsmasq_lease_t:file manage_file_perms;
files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
-manage_files_pattern(dnsmasq_t,dnsmasq_var_run_t,dnsmasq_var_run_t)
-files_pid_filetrans(dnsmasq_t,dnsmasq_var_run_t,file)
+manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
+files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
kernel_read_kernel_sysctls(dnsmasq_t)
kernel_list_proc(dnsmasq_t)
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index 25c188f..4341ce1 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -15,8 +15,8 @@ interface(`dovecot_manage_spool',`
type dovecot_spool_t;
')
- manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
- manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
+ manage_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
+ manage_lnk_files_pattern($1, dovecot_spool_t, dovecot_spool_t)
')
########################################
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
index 4253051..3d4b1ff 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -7,12 +7,12 @@ policy_module(dovecot, 1.9.0)
#
type dovecot_t;
type dovecot_exec_t;
-init_daemon_domain(dovecot_t,dovecot_exec_t)
+init_daemon_domain(dovecot_t, dovecot_exec_t)
type dovecot_auth_t;
type dovecot_auth_exec_t;
domain_type(dovecot_auth_t)
-domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
+domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
type dovecot_cert_t;
@@ -50,21 +50,21 @@ allow dovecot_t self:unix_stream_socket { create_stream_socket_perms connectto }
domtrans_pattern(dovecot_t, dovecot_auth_exec_t, dovecot_auth_t)
allow dovecot_t dovecot_cert_t:dir list_dir_perms;
-read_files_pattern(dovecot_t,dovecot_cert_t,dovecot_cert_t)
-read_lnk_files_pattern(dovecot_t,dovecot_cert_t,dovecot_cert_t)
+read_files_pattern(dovecot_t, dovecot_cert_t, dovecot_cert_t)
+read_lnk_files_pattern(dovecot_t, dovecot_cert_t, dovecot_cert_t)
allow dovecot_t dovecot_etc_t:file read_file_perms;
files_search_etc(dovecot_t)
can_exec(dovecot_t, dovecot_exec_t)
-manage_dirs_pattern(dovecot_t,dovecot_spool_t,dovecot_spool_t)
-manage_files_pattern(dovecot_t,dovecot_spool_t,dovecot_spool_t)
-manage_lnk_files_pattern(dovecot_t,dovecot_spool_t,dovecot_spool_t)
+manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
+manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
+manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
-manage_files_pattern(dovecot_t,dovecot_var_run_t,dovecot_var_run_t)
-manage_sock_files_pattern(dovecot_t,dovecot_var_run_t,dovecot_var_run_t)
-files_pid_filetrans(dovecot_t,dovecot_var_run_t,file)
+manage_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
+manage_sock_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
+files_pid_filetrans(dovecot_t, dovecot_var_run_t, file)
kernel_read_kernel_sysctls(dovecot_t)
kernel_read_system_state(dovecot_t)
@@ -151,7 +151,7 @@ allow dovecot_auth_t dovecot_t:unix_stream_socket { getattr accept read write io
allow dovecot_auth_t dovecot_passwd_t:file { getattr read };
# Allow dovecot to create and read SSL parameters file
-manage_files_pattern(dovecot_t,dovecot_var_lib_t,dovecot_var_lib_t)
+manage_files_pattern(dovecot_t, dovecot_var_lib_t, dovecot_var_lib_t)
files_search_var_lib(dovecot_t)
allow dovecot_auth_t dovecot_var_run_t:dir list_dir_perms;
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
index bd2b1e2..e74ccd5 100644
--- a/policy/modules/services/exim.te
+++ b/policy/modules/services/exim.te
@@ -11,7 +11,7 @@ policy_module(exim, 1.2.0)
## Allow exim to read unprivileged user files.
##
##
-gen_tunable(exim_read_user_files,false)
+gen_tunable(exim_read_user_files, false)
##
##
@@ -19,7 +19,7 @@ gen_tunable(exim_read_user_files,false)
## unprivileged user files.
##
##
-gen_tunable(exim_manage_user_files,false)
+gen_tunable(exim_manage_user_files, false)
type exim_t;
type exim_exec_t;
@@ -55,7 +55,7 @@ logging_log_filetrans(exim_t, exim_log_t, { file dir })
manage_dirs_pattern(exim_t, exim_spool_t, exim_spool_t)
manage_files_pattern(exim_t, exim_spool_t, exim_spool_t)
manage_sock_files_pattern(exim_t, exim_spool_t, exim_spool_t)
-files_spool_filetrans(exim_t,exim_spool_t, { file dir sock_file })
+files_spool_filetrans(exim_t, exim_spool_t, { file dir sock_file })
manage_dirs_pattern(exim_t, exim_tmp_t, exim_tmp_t)
manage_files_pattern(exim_t, exim_tmp_t, exim_tmp_t)
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
index 01dab0d..d78cb8f 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -15,7 +15,7 @@ interface(`fail2ban_domtrans',`
type fail2ban_t, fail2ban_exec_t;
')
- domtrans_pattern($1,fail2ban_exec_t,fail2ban_t)
+ domtrans_pattern($1, fail2ban_exec_t, fail2ban_t)
')
########################################
diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te
index 32a8a4e..2f3e8c4 100644
--- a/policy/modules/services/fail2ban.te
+++ b/policy/modules/services/fail2ban.te
@@ -1,5 +1,5 @@
-policy_module(fail2ban,1.1.0)
+policy_module(fail2ban, 1.1.0)
########################################
#
@@ -29,12 +29,12 @@ allow fail2ban_t self:unix_stream_socket create_stream_socket_perms;
# log files
allow fail2ban_t fail2ban_log_t:dir setattr;
-manage_files_pattern(fail2ban_t,fail2ban_log_t,fail2ban_log_t)
-logging_log_filetrans(fail2ban_t,fail2ban_log_t,file)
+manage_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
+logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
# pid file
-manage_files_pattern(fail2ban_t,fail2ban_var_run_t,fail2ban_var_run_t)
-files_pid_filetrans(fail2ban_t,fail2ban_var_run_t, file)
+manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
+files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file)
kernel_read_system_state(fail2ban_t)
diff --git a/policy/modules/services/fetchmail.if b/policy/modules/services/fetchmail.if
index ac888be..bee8324 100644
--- a/policy/modules/services/fetchmail.if
+++ b/policy/modules/services/fetchmail.if
@@ -14,8 +14,8 @@
#
interface(`fetchmail_admin',`
gen_require(`
- type fetchmail_t, fetchmail_etc_t;
- type fetchmail_uidl_cache_t, fetchmail_var_run_t;
+ type fetchmail_t, fetchmail_etc_t, fetchmail_uidl_cache_t;
+ type fetchmail_var_run_t;
')
ps_process_pattern($1, fetchmail_t)
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index 1856a3c..b534aca 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -8,7 +8,7 @@ policy_module(fetchmail, 1.6.0)
type fetchmail_t;
type fetchmail_exec_t;
-init_daemon_domain(fetchmail_t,fetchmail_exec_t)
+init_daemon_domain(fetchmail_t, fetchmail_exec_t)
type fetchmail_var_run_t;
files_pid_file(fetchmail_var_run_t)
@@ -35,10 +35,10 @@ allow fetchmail_t self:udp_socket create_socket_perms;
allow fetchmail_t fetchmail_etc_t:file read_file_perms;
allow fetchmail_t fetchmail_uidl_cache_t:file manage_file_perms;
-mta_spool_filetrans(fetchmail_t,fetchmail_uidl_cache_t,file)
+mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file)
-manage_files_pattern(fetchmail_t,fetchmail_var_run_t,fetchmail_var_run_t)
-files_pid_filetrans(fetchmail_t,fetchmail_var_run_t,file)
+manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
+files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, file)
kernel_read_kernel_sysctls(fetchmail_t)
kernel_list_proc(fetchmail_t)
diff --git a/policy/modules/services/finger.if b/policy/modules/services/finger.if
index 7bdd5cc..c8d9798 100644
--- a/policy/modules/services/finger.if
+++ b/policy/modules/services/finger.if
@@ -15,7 +15,7 @@ interface(`finger_domtrans',`
type fingerd_t, fingerd_exec_t;
')
- domtrans_pattern($1,fingerd_exec_t,fingerd_t)
+ domtrans_pattern($1, fingerd_exec_t, fingerd_t)
')
########################################
diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if
index 6f73e15..5383ed1 100644
--- a/policy/modules/services/ftp.if
+++ b/policy/modules/services/ftp.if
@@ -28,11 +28,11 @@ template(`ftp_per_role_template',`
type ftpd_t;
')
- userdom_manage_user_home_content_files($1,ftpd_t)
- userdom_manage_user_home_content_symlinks($1,ftpd_t)
- userdom_manage_user_home_content_sockets($1,ftpd_t)
- userdom_manage_user_home_content_pipes($1,ftpd_t)
- userdom_user_home_dir_filetrans_user_home_content($1,ftpd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_user_home_content_files($1, ftpd_t)
+ userdom_manage_user_home_content_symlinks($1, ftpd_t)
+ userdom_manage_user_home_content_sockets($1, ftpd_t)
+ userdom_manage_user_home_content_pipes($1, ftpd_t)
+ userdom_user_home_dir_filetrans_user_home_content($1, ftpd_t, { dir file lnk_file sock_file fifo_file })
')
########################################
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index 2e329fc..7d08ac3 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -13,7 +13,7 @@ policy_module(ftp, 1.8.0)
## public_content_rw_t.
##
##
-gen_tunable(allow_ftpd_anon_write,false)
+gen_tunable(allow_ftpd_anon_write, false)
##
##
@@ -21,7 +21,7 @@ gen_tunable(allow_ftpd_anon_write,false)
## read/write all files on the system, governed by DAC.
##
##
-gen_tunable(allow_ftpd_full_access,false)
+gen_tunable(allow_ftpd_full_access, false)
##
##
@@ -29,7 +29,7 @@ gen_tunable(allow_ftpd_full_access,false)
## used for public file transfer services.
##
##
-gen_tunable(allow_ftpd_use_cifs,false)
+gen_tunable(allow_ftpd_use_cifs, false)
##
##
@@ -37,18 +37,18 @@ gen_tunable(allow_ftpd_use_cifs,false)
## used for public file transfer services.
##
##
-gen_tunable(allow_ftpd_use_nfs,false)
+gen_tunable(allow_ftpd_use_nfs, false)
##
##
## Allow ftp to read and write files in the user home directories
##
##
-gen_tunable(ftp_home_dir,false)
+gen_tunable(ftp_home_dir, false)
type ftpd_t;
type ftpd_exec_t;
-init_daemon_domain(ftpd_t,ftpd_exec_t)
+init_daemon_domain(ftpd_t, ftpd_exec_t)
type ftpd_etc_t;
files_config_file(ftpd_etc_t)
@@ -67,7 +67,7 @@ files_pid_file(ftpd_var_run_t)
type ftpdctl_t;
type ftpdctl_exec_t;
-init_system_domain(ftpdctl_t,ftpdctl_exec_t)
+init_system_domain(ftpdctl_t, ftpdctl_exec_t)
type ftpdctl_tmp_t;
files_tmp_file(ftpdctl_tmp_t)
@@ -93,22 +93,22 @@ allow ftpd_t self:udp_socket create_socket_perms;
allow ftpd_t ftpd_etc_t:file read_file_perms;
allow ftpd_t ftpd_lock_t:file manage_file_perms;
-files_lock_filetrans(ftpd_t,ftpd_lock_t,file)
+files_lock_filetrans(ftpd_t, ftpd_lock_t, file)
-manage_dirs_pattern(ftpd_t,ftpd_tmp_t,ftpd_tmp_t)
-manage_files_pattern(ftpd_t,ftpd_tmp_t,ftpd_tmp_t)
+manage_dirs_pattern(ftpd_t, ftpd_tmp_t, ftpd_tmp_t)
+manage_files_pattern(ftpd_t, ftpd_tmp_t, ftpd_tmp_t)
files_tmp_filetrans(ftpd_t, ftpd_tmp_t, { file dir })
-manage_dirs_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
-manage_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
-manage_lnk_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
-manage_fifo_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
-manage_sock_files_pattern(ftpd_t,ftpd_tmpfs_t,ftpd_tmpfs_t)
-fs_tmpfs_filetrans(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
+manage_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
+manage_lnk_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
+manage_fifo_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
+manage_sock_files_pattern(ftpd_t, ftpd_tmpfs_t, ftpd_tmpfs_t)
+fs_tmpfs_filetrans(ftpd_t, ftpd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-manage_files_pattern(ftpd_t,ftpd_var_run_t,ftpd_var_run_t)
-manage_sock_files_pattern(ftpd_t,ftpd_var_run_t,ftpd_var_run_t)
-files_pid_filetrans(ftpd_t,ftpd_var_run_t,file)
+manage_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
+manage_sock_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
+files_pid_filetrans(ftpd_t, ftpd_var_run_t, file)
# proftpd requires the client side to bind a socket so that
# it can stat the socket to perform access control decisions,
@@ -119,7 +119,7 @@ allow ftpd_t ftpdctl_tmp_t:sock_file { getattr unlink };
# Create and modify /var/log/xferlog.
allow ftpd_t xferlog_t:dir search_dir_perms;
allow ftpd_t xferlog_t:file manage_file_perms;
-logging_log_filetrans(ftpd_t,xferlog_t,file)
+logging_log_filetrans(ftpd_t, xferlog_t, file)
kernel_read_kernel_sysctls(ftpd_t)
kernel_read_system_state(ftpd_t)
@@ -258,7 +258,7 @@ optional_policy(`
')
optional_policy(`
- inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
+ inetd_tcp_service_domain(ftpd_t, ftpd_exec_t)
optional_policy(`
tcpd_domtrans(tcpd_t)
@@ -279,7 +279,7 @@ optional_policy(`
#
# Allow ftpdctl to talk to ftpd over a socket connection
-stream_connect_pattern(ftpdctl_t,ftpd_var_run_t,ftpd_var_run_t,ftpd_t)
+stream_connect_pattern(ftpdctl_t, ftpd_var_run_t, ftpd_var_run_t, ftpd_t)
# ftpdctl creates a socket so that the daemon can perform
# access control decisions (see comments in ftpd_t rules above)
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
index 16bc5b6..9de0edc 100644
--- a/policy/modules/services/gatekeeper.te
+++ b/policy/modules/services/gatekeeper.te
@@ -8,7 +8,7 @@ policy_module(gatekeeper, 1.5.0)
type gatekeeper_t;
type gatekeeper_exec_t;
-init_daemon_domain(gatekeeper_t,gatekeeper_exec_t)
+init_daemon_domain(gatekeeper_t, gatekeeper_exec_t)
type gatekeeper_etc_t;
files_config_file(gatekeeper_etc_t)
@@ -38,15 +38,15 @@ allow gatekeeper_t gatekeeper_etc_t:lnk_file { getattr read };
allow gatekeeper_t gatekeeper_etc_t:file { getattr read };
files_search_etc(gatekeeper_t)
-manage_files_pattern(gatekeeper_t,gatekeeper_log_t,gatekeeper_log_t)
-logging_log_filetrans(gatekeeper_t,gatekeeper_log_t,{ file dir })
+manage_files_pattern(gatekeeper_t, gatekeeper_log_t, gatekeeper_log_t)
+logging_log_filetrans(gatekeeper_t, gatekeeper_log_t, { file dir })
-manage_dirs_pattern(gatekeeper_t,gatekeeper_tmp_t,gatekeeper_tmp_t)
-manage_files_pattern(gatekeeper_t,gatekeeper_tmp_t,gatekeeper_tmp_t)
+manage_dirs_pattern(gatekeeper_t, gatekeeper_tmp_t, gatekeeper_tmp_t)
+manage_files_pattern(gatekeeper_t, gatekeeper_tmp_t, gatekeeper_tmp_t)
files_tmp_filetrans(gatekeeper_t, gatekeeper_tmp_t, { file dir })
-manage_files_pattern(gatekeeper_t,gatekeeper_var_run_t,gatekeeper_var_run_t)
-files_pid_filetrans(gatekeeper_t,gatekeeper_var_run_t,file)
+manage_files_pattern(gatekeeper_t, gatekeeper_var_run_t, gatekeeper_var_run_t)
+files_pid_filetrans(gatekeeper_t, gatekeeper_var_run_t, file)
kernel_read_system_state(gatekeeper_t)
kernel_read_kernel_sysctls(gatekeeper_t)
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index f830f51..c666074 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -8,7 +8,7 @@ policy_module(gpm, 1.5.0)
type gpm_t;
type gpm_exec_t;
-init_daemon_domain(gpm_t,gpm_exec_t)
+init_daemon_domain(gpm_t, gpm_exec_t)
type gpm_conf_t;
files_type(gpm_conf_t)
@@ -31,11 +31,11 @@ allow gpm_t self:capability { setuid dac_override sys_admin sys_tty_config };
allow gpm_t self:unix_stream_socket create_stream_socket_perms;
allow gpm_t gpm_conf_t:dir list_dir_perms;
-read_files_pattern(gpm_t,gpm_conf_t,gpm_conf_t)
-read_lnk_files_pattern(gpm_t,gpm_conf_t,gpm_conf_t)
+read_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t)
+read_lnk_files_pattern(gpm_t, gpm_conf_t, gpm_conf_t)
-manage_dirs_pattern(gpm_t,gpm_tmp_t,gpm_tmp_t)
-manage_files_pattern(gpm_t,gpm_tmp_t,gpm_tmp_t)
+manage_dirs_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
+manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file manage_file_perms;
@@ -43,7 +43,7 @@ files_pid_filetrans(gpm_t,gpm_var_run_t,file)
allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
-dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
+dev_filetrans(gpm_t, gpmctl_t, { sock_file fifo_file })
kernel_read_kernel_sysctls(gpm_t)
kernel_list_proc(gpm_t)
diff --git a/policy/modules/services/hal.if b/policy/modules/services/hal.if
index ea79233..be8f7e2 100644
--- a/policy/modules/services/hal.if
+++ b/policy/modules/services/hal.if
@@ -15,7 +15,7 @@ interface(`hal_domtrans',`
type hald_t, hald_exec_t;
')
- domtrans_pattern($1,hald_exec_t,hald_t)
+ domtrans_pattern($1, hald_exec_t, hald_t)
')
########################################
diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te
index afd91b9..3ad7b73 100644
--- a/policy/modules/services/hal.te
+++ b/policy/modules/services/hal.te
@@ -8,12 +8,12 @@ policy_module(hal, 1.10.0)
type hald_t;
type hald_exec_t;
-init_daemon_domain(hald_t,hald_exec_t)
+init_daemon_domain(hald_t, hald_exec_t)
type hald_acl_t;
type hald_acl_exec_t;
domain_type(hald_acl_t)
-domain_entry_file(hald_acl_t,hald_acl_exec_t)
+domain_entry_file(hald_acl_t, hald_acl_exec_t)
role system_r types hald_acl_t;
type hald_cache_t;
@@ -22,7 +22,7 @@ files_pid_file(hald_cache_t)
type hald_keymap_t;
type hald_keymap_exec_t;
domain_type(hald_keymap_t)
-domain_entry_file(hald_keymap_t,hald_keymap_exec_t)
+domain_entry_file(hald_keymap_t, hald_keymap_exec_t)
role system_r types hald_keymap_t;
type hald_log_t;
@@ -31,13 +31,13 @@ logging_log_file(hald_log_t)
type hald_mac_t;
type hald_mac_exec_t;
domain_type(hald_mac_t)
-domain_entry_file(hald_mac_t,hald_mac_exec_t)
+domain_entry_file(hald_mac_t, hald_mac_exec_t)
role system_r types hald_mac_t;
type hald_sonypic_t;
type hald_sonypic_exec_t;
domain_type(hald_sonypic_t)
-domain_entry_file(hald_sonypic_t,hald_sonypic_exec_t)
+domain_entry_file(hald_sonypic_t, hald_sonypic_exec_t)
role system_r types hald_sonypic_t;
type hald_tmp_t;
@@ -67,23 +67,23 @@ allow hald_t self:udp_socket create_socket_perms;
# For backwards compatibility with older kernels
allow hald_t self:netlink_socket create_socket_perms;
-manage_files_pattern(hald_t,hald_cache_t,hald_cache_t)
+manage_files_pattern(hald_t, hald_cache_t, hald_cache_t)
# log files for hald
manage_files_pattern(hald_t, hald_log_t, hald_log_t)
-logging_log_filetrans(hald_t,hald_log_t,file)
+logging_log_filetrans(hald_t, hald_log_t, file)
-manage_dirs_pattern(hald_t,hald_tmp_t,hald_tmp_t)
-manage_files_pattern(hald_t,hald_tmp_t,hald_tmp_t)
+manage_dirs_pattern(hald_t, hald_tmp_t, hald_tmp_t)
+manage_files_pattern(hald_t, hald_tmp_t, hald_tmp_t)
files_tmp_filetrans(hald_t, hald_tmp_t, { file dir })
# var/lib files for hald
-manage_dirs_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
-manage_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
-manage_sock_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
+manage_dirs_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
+manage_files_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
+manage_sock_files_pattern(hald_t, hald_var_lib_t, hald_var_lib_t)
manage_dirs_pattern(hald_t, hald_var_run_t, hald_var_run_t)
-manage_files_pattern(hald_t,hald_var_run_t,hald_var_run_t)
+manage_files_pattern(hald_t, hald_var_run_t, hald_var_run_t)
files_pid_filetrans(hald_t, hald_var_run_t, { dir file })
kernel_read_system_state(hald_t)
@@ -235,7 +235,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(hald,hald_t)
+ dbus_system_bus_client_template(hald, hald_t)
dbus_connect_system_bus(hald_t)
init_dbus_chat_script(hald_t)
@@ -313,8 +313,8 @@ domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
allow hald_t hald_acl_t:process signal;
allow hald_acl_t hald_t:unix_stream_socket connectto;
-manage_dirs_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t)
-manage_files_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t)
+manage_dirs_pattern(hald_acl_t, hald_var_lib_t, hald_var_lib_t)
+manage_files_pattern(hald_acl_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_acl_t)
manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
@@ -355,8 +355,8 @@ domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
-manage_dirs_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
-manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
+manage_dirs_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
+manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_mac_t)
kernel_read_system_state(hald_mac_t)
@@ -384,8 +384,8 @@ allow hald_sonypic_t hald_t:unix_stream_socket connectto;
dev_read_video_dev(hald_sonypic_t)
dev_write_video_dev(hald_sonypic_t)
-manage_dirs_pattern(hald_sonypic_t,hald_var_lib_t,hald_var_lib_t)
-manage_files_pattern(hald_sonypic_t,hald_var_lib_t,hald_var_lib_t)
+manage_dirs_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
+manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
files_read_usr_files(hald_sonypic_t)
@@ -404,8 +404,8 @@ domtrans_pattern(hald_t, hald_keymap_exec_t, hald_keymap_t)
allow hald_t hald_keymap_t:process signal;
allow hald_keymap_t hald_t:unix_stream_socket connectto;
-manage_dirs_pattern(hald_keymap_t,hald_var_lib_t,hald_var_lib_t)
-manage_files_pattern(hald_keymap_t,hald_var_lib_t,hald_var_lib_t)
+manage_dirs_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
+manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
dev_rw_input_dev(hald_keymap_t)
diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te
index f96daa0..91ab1a8 100644
--- a/policy/modules/services/howl.te
+++ b/policy/modules/services/howl.te
@@ -8,7 +8,7 @@ policy_module(howl, 1.6.0)
type howl_t;
type howl_exec_t;
-init_daemon_domain(howl_t,howl_exec_t)
+init_daemon_domain(howl_t, howl_exec_t)
type howl_var_run_t;
files_pid_file(howl_var_run_t)
@@ -25,8 +25,8 @@ allow howl_t self:fifo_file rw_fifo_file_perms;
allow howl_t self:tcp_socket create_stream_socket_perms;
allow howl_t self:udp_socket create_socket_perms;
-manage_files_pattern(howl_t,howl_var_run_t,howl_var_run_t)
-files_pid_filetrans(howl_t,howl_var_run_t,file)
+manage_files_pattern(howl_t, howl_var_run_t, howl_var_run_t)
+files_pid_filetrans(howl_t, howl_var_run_t, file)
kernel_read_network_state(howl_t)
kernel_read_kernel_sysctls(howl_t)
diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te
index 51a7034..eef4f21 100644
--- a/policy/modules/services/i18n_input.te
+++ b/policy/modules/services/i18n_input.te
@@ -8,7 +8,7 @@ policy_module(i18n_input, 1.6.0)
type i18n_input_t;
type i18n_input_exec_t;
-init_daemon_domain(i18n_input_t,i18n_input_exec_t)
+init_daemon_domain(i18n_input_t, i18n_input_exec_t)
type i18n_input_var_run_t;
files_pid_file(i18n_input_var_run_t)
@@ -27,10 +27,10 @@ allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
allow i18n_input_t self:tcp_socket create_stream_socket_perms;
allow i18n_input_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(i18n_input_t,i18n_input_var_run_t,i18n_input_var_run_t)
-manage_files_pattern(i18n_input_t,i18n_input_var_run_t,i18n_input_var_run_t)
-manage_sock_files_pattern(i18n_input_t,i18n_input_var_run_t,i18n_input_var_run_t)
-files_pid_filetrans(i18n_input_t,i18n_input_var_run_t,file)
+manage_dirs_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
+manage_files_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
+manage_sock_files_pattern(i18n_input_t, i18n_input_var_run_t, i18n_input_var_run_t)
+files_pid_filetrans(i18n_input_t, i18n_input_var_run_t, file)
can_exec(i18n_input_t, i18n_input_exec_t)
diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te
index 573190b..6ecb759 100644
--- a/policy/modules/services/imaze.te
+++ b/policy/modules/services/imaze.te
@@ -8,7 +8,7 @@ policy_module(imaze, 1.5.0)
type imazesrv_t;
type imazesrv_exec_t;
-init_daemon_domain(imazesrv_t,imazesrv_exec_t)
+init_daemon_domain(imazesrv_t, imazesrv_exec_t)
type imazesrv_data_t;
files_type(imazesrv_data_t)
@@ -41,15 +41,15 @@ allow imazesrv_t self:tcp_socket create_stream_socket_perms;
allow imazesrv_t self:udp_socket create_socket_perms;
allow imazesrv_t imazesrv_data_t:dir list_dir_perms;
-read_files_pattern(imazesrv_t,imazesrv_data_t,imazesrv_data_t)
-read_lnk_files_pattern(imazesrv_t,imazesrv_data_t,imazesrv_data_t)
+read_files_pattern(imazesrv_t, imazesrv_data_t, imazesrv_data_t)
+read_lnk_files_pattern(imazesrv_t, imazesrv_data_t, imazesrv_data_t)
allow imazesrv_t imazesrv_log_t:file manage_file_perms;
allow imazesrv_t imazesrv_log_t:dir add_entry_dir_perms;
-logging_log_filetrans(imazesrv_t,imazesrv_log_t,file)
+logging_log_filetrans(imazesrv_t, imazesrv_log_t, file)
-manage_files_pattern(imazesrv_t,imazesrv_var_run_t,imazesrv_var_run_t)
-files_pid_filetrans(imazesrv_t,imazesrv_var_run_t,file)
+manage_files_pattern(imazesrv_t, imazesrv_var_run_t, imazesrv_var_run_t)
+files_pid_filetrans(imazesrv_t, imazesrv_var_run_t, file)
kernel_read_kernel_sysctls(imazesrv_t)
kernel_list_proc(imazesrv_t)
diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if
index 1353392..7719a5a 100644
--- a/policy/modules/services/inetd.if
+++ b/policy/modules/services/inetd.if
@@ -31,11 +31,11 @@ interface(`inetd_core_service_domain',`
')
domain_type($1)
- domain_entry_file($1,$2)
+ domain_entry_file($1, $2)
role system_r types $1;
- domtrans_pattern(inetd_t,$2,$1)
+ domtrans_pattern(inetd_t, $2, $1)
allow inetd_t $1:process sigkill;
')
@@ -61,7 +61,7 @@ interface(`inetd_tcp_service_domain',`
type inetd_t;
')
- inetd_core_service_domain($1,$2)
+ inetd_core_service_domain($1, $2)
allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
')
@@ -86,7 +86,7 @@ interface(`inetd_udp_service_domain',`
type inetd_t;
')
- inetd_core_service_domain($1,$2)
+ inetd_core_service_domain($1, $2)
allow $1 inetd_t:udp_socket rw_socket_perms;
')
@@ -111,7 +111,7 @@ interface(`inetd_service_domain',`
type inetd_t;
')
- inetd_core_service_domain($1,$2)
+ inetd_core_service_domain($1, $2)
allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
allow $1 inetd_t:udp_socket rw_socket_perms;
@@ -165,7 +165,7 @@ interface(`inetd_domtrans_child',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,inetd_child_exec_t,inetd_child_t)
+ domtrans_pattern($1, inetd_child_exec_t, inetd_child_t)
')
########################################
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
index 3c81597..32d8d07 100644
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -8,7 +8,7 @@ policy_module(inetd, 1.7.0)
type inetd_t;
type inetd_exec_t;
-init_daemon_domain(inetd_t,inetd_exec_t)
+init_daemon_domain(inetd_t, inetd_exec_t)
type inetd_log_t;
logging_log_file(inetd_log_t)
@@ -21,7 +21,7 @@ files_pid_file(inetd_var_run_t)
type inetd_child_t;
type inetd_child_exec_t;
-inetd_service_domain(inetd_child_t,inetd_child_exec_t)
+inetd_service_domain(inetd_child_t, inetd_child_exec_t)
role system_r types inetd_child_t;
type inetd_child_tmp_t;
@@ -44,14 +44,14 @@ allow inetd_t self:udp_socket create_socket_perms;
allow inetd_t self:fd use;
allow inetd_t inetd_log_t:file manage_file_perms;
-logging_log_filetrans(inetd_t,inetd_log_t,file)
+logging_log_filetrans(inetd_t, inetd_log_t, file)
-manage_dirs_pattern(inetd_t,inetd_tmp_t,inetd_tmp_t)
-manage_files_pattern(inetd_t,inetd_tmp_t,inetd_tmp_t)
+manage_dirs_pattern(inetd_t, inetd_tmp_t, inetd_tmp_t)
+manage_files_pattern(inetd_t, inetd_tmp_t, inetd_tmp_t)
files_tmp_filetrans(inetd_t, inetd_tmp_t, { file dir })
allow inetd_t inetd_var_run_t:file manage_file_perms;
-files_pid_filetrans(inetd_t,inetd_var_run_t,file)
+files_pid_filetrans(inetd_t, inetd_var_run_t, file)
kernel_read_kernel_sysctls(inetd_t)
kernel_list_proc(inetd_t)
@@ -183,12 +183,12 @@ allow inetd_child_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow inetd_child_t self:capability { setuid setgid };
files_search_home(inetd_child_t)
-manage_dirs_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t)
-manage_files_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t)
+manage_dirs_pattern(inetd_child_t, inetd_child_tmp_t, inetd_child_tmp_t)
+manage_files_pattern(inetd_child_t, inetd_child_tmp_t, inetd_child_tmp_t)
files_tmp_filetrans(inetd_child_t, inetd_child_tmp_t, { file dir })
-manage_files_pattern(inetd_child_t,inetd_child_var_run_t,inetd_child_var_run_t)
-files_pid_filetrans(inetd_child_t,inetd_child_var_run_t,file)
+manage_files_pattern(inetd_child_t, inetd_child_var_run_t, inetd_child_var_run_t)
+files_pid_filetrans(inetd_child_t, inetd_child_var_run_t, file)
kernel_read_kernel_sysctls(inetd_child_t)
kernel_read_system_state(inetd_child_t)
diff --git a/policy/modules/services/inn.if b/policy/modules/services/inn.if
index a2c89d6..55ff9e4 100644
--- a/policy/modules/services/inn.if
+++ b/policy/modules/services/inn.if
@@ -16,7 +16,7 @@ interface(`inn_exec',`
type innd_t;
')
- can_exec($1,innd_exec_t)
+ can_exec($1, innd_exec_t)
')
########################################
@@ -35,7 +35,7 @@ interface(`inn_exec_config',`
type innd_etc_t;
')
- can_exec($1,innd_etc_t)
+ can_exec($1, innd_etc_t)
')
########################################
@@ -74,8 +74,8 @@ interface(`inn_manage_pid',`
')
files_search_pids($1)
- manage_files_pattern($1,innd_var_run_t,innd_var_run_t)
- manage_lnk_files_pattern($1,innd_var_run_t,innd_var_run_t)
+ manage_files_pattern($1, innd_var_run_t, innd_var_run_t)
+ manage_lnk_files_pattern($1, innd_var_run_t, innd_var_run_t)
')
########################################
@@ -174,5 +174,5 @@ interface(`inn_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,innd_exec_t,innd_t)
+ domtrans_pattern($1, innd_exec_t, innd_t)
')
diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te
index 13a76a3..8cdce84 100644
--- a/policy/modules/services/inn.te
+++ b/policy/modules/services/inn.te
@@ -7,7 +7,7 @@ policy_module(inn, 1.6.0)
#
type innd_t;
type innd_exec_t;
-init_daemon_domain(innd_t,innd_exec_t)
+init_daemon_domain(innd_t, innd_exec_t)
type innd_etc_t;
files_config_file(innd_etc_t)
@@ -38,27 +38,27 @@ allow innd_t self:tcp_socket create_stream_socket_perms;
allow innd_t self:udp_socket create_socket_perms;
allow innd_t self:netlink_route_socket r_netlink_socket_perms;
-read_files_pattern(innd_t,innd_etc_t,innd_etc_t)
-read_lnk_files_pattern(innd_t,innd_etc_t,innd_etc_t)
+read_files_pattern(innd_t, innd_etc_t, innd_etc_t)
+read_lnk_files_pattern(innd_t, innd_etc_t, innd_etc_t)
can_exec(innd_t, innd_exec_t)
-manage_files_pattern(innd_t,innd_log_t,innd_log_t)
+manage_files_pattern(innd_t, innd_log_t, innd_log_t)
allow innd_t innd_log_t:dir setattr;
-logging_log_filetrans(innd_t,innd_log_t,file)
+logging_log_filetrans(innd_t, innd_log_t, file)
-manage_dirs_pattern(innd_t,innd_var_lib_t,innd_var_lib_t)
-manage_files_pattern(innd_t,innd_var_lib_t,innd_var_lib_t)
-files_var_lib_filetrans(innd_t,innd_var_lib_t,file)
+manage_dirs_pattern(innd_t, innd_var_lib_t, innd_var_lib_t)
+manage_files_pattern(innd_t, innd_var_lib_t, innd_var_lib_t)
+files_var_lib_filetrans(innd_t, innd_var_lib_t, file)
-manage_dirs_pattern(innd_t,innd_var_run_t,innd_var_run_t)
-manage_files_pattern(innd_t,innd_var_run_t,innd_var_run_t)
-manage_sock_files_pattern(innd_t,innd_var_run_t,innd_var_run_t)
-files_pid_filetrans(innd_t,innd_var_run_t,file)
+manage_dirs_pattern(innd_t, innd_var_run_t, innd_var_run_t)
+manage_files_pattern(innd_t, innd_var_run_t, innd_var_run_t)
+manage_sock_files_pattern(innd_t, innd_var_run_t, innd_var_run_t)
+files_pid_filetrans(innd_t, innd_var_run_t, file)
-manage_dirs_pattern(innd_t,news_spool_t,news_spool_t)
-manage_files_pattern(innd_t,news_spool_t,news_spool_t)
-manage_lnk_files_pattern(innd_t,news_spool_t,news_spool_t)
+manage_dirs_pattern(innd_t, news_spool_t, news_spool_t)
+manage_files_pattern(innd_t, news_spool_t, news_spool_t)
+manage_lnk_files_pattern(innd_t, news_spool_t, news_spool_t)
kernel_read_kernel_sysctls(innd_t)
kernel_read_system_state(innd_t)
diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te
index 776619e..9cc6fef 100644
--- a/policy/modules/services/ircd.te
+++ b/policy/modules/services/ircd.te
@@ -8,7 +8,7 @@ policy_module(ircd, 1.5.0)
type ircd_t;
type ircd_exec_t;
-init_daemon_domain(ircd_t,ircd_exec_t)
+init_daemon_domain(ircd_t, ircd_exec_t)
type ircd_etc_t;
files_config_file(ircd_etc_t)
@@ -32,18 +32,18 @@ allow ircd_t self:process signal_perms;
allow ircd_t self:tcp_socket create_stream_socket_perms;
allow ircd_t self:udp_socket create_socket_perms;
-read_files_pattern(ircd_t,ircd_etc_t,ircd_etc_t)
-read_lnk_files_pattern(ircd_t,ircd_etc_t,ircd_etc_t)
+read_files_pattern(ircd_t, ircd_etc_t, ircd_etc_t)
+read_lnk_files_pattern(ircd_t, ircd_etc_t, ircd_etc_t)
files_search_etc(ircd_t)
-manage_files_pattern(ircd_t,ircd_log_t,ircd_log_t)
-logging_log_filetrans(ircd_t,ircd_log_t,{ file dir })
+manage_files_pattern(ircd_t, ircd_log_t, ircd_log_t)
+logging_log_filetrans(ircd_t, ircd_log_t, { file dir })
-manage_files_pattern(ircd_t,ircd_var_lib_t,ircd_var_lib_t)
-files_var_lib_filetrans(ircd_t,ircd_var_lib_t,file)
+manage_files_pattern(ircd_t, ircd_var_lib_t, ircd_var_lib_t)
+files_var_lib_filetrans(ircd_t, ircd_var_lib_t, file)
-manage_files_pattern(ircd_t,ircd_var_run_t,ircd_var_run_t)
-files_pid_filetrans(ircd_t,ircd_var_run_t,file)
+manage_files_pattern(ircd_t, ircd_var_run_t, ircd_var_run_t)
+files_pid_filetrans(ircd_t, ircd_var_run_t, file)
kernel_read_system_state(ircd_t)
kernel_read_kernel_sysctls(ircd_t)
diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te
index e2218a3..625cb8c 100644
--- a/policy/modules/services/irqbalance.te
+++ b/policy/modules/services/irqbalance.te
@@ -8,7 +8,7 @@ policy_module(irqbalance, 1.3.0)
type irqbalance_t;
type irqbalance_exec_t;
-init_daemon_domain(irqbalance_t,irqbalance_exec_t)
+init_daemon_domain(irqbalance_t, irqbalance_exec_t)
type irqbalance_var_run_t;
files_pid_file(irqbalance_var_run_t)
@@ -24,8 +24,8 @@ allow irqbalance_t self:udp_socket create_socket_perms;
dontaudit irqbalance_t self:capability sys_tty_config;
allow irqbalance_t self:process signal_perms;
-manage_files_pattern(irqbalance_t,irqbalance_var_run_t,irqbalance_var_run_t)
-files_pid_filetrans(irqbalance_t,irqbalance_var_run_t,file)
+manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
+files_pid_filetrans(irqbalance_t, irqbalance_var_run_t, file)
kernel_read_network_state(irqbalance_t)
kernel_read_system_state(irqbalance_t)
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
index 06c59f6..e152dbc 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -8,7 +8,7 @@ policy_module(jabber, 1.5.0)
type jabberd_t;
type jabberd_exec_t;
-init_daemon_domain(jabberd_t,jabberd_exec_t)
+init_daemon_domain(jabberd_t, jabberd_exec_t)
type jabberd_log_t;
logging_log_file(jabberd_log_t)
@@ -31,14 +31,14 @@ allow jabberd_t self:fifo_file { read write getattr };
allow jabberd_t self:tcp_socket create_stream_socket_perms;
allow jabberd_t self:udp_socket create_socket_perms;
-manage_files_pattern(jabberd_t,jabberd_var_lib_t,jabberd_var_lib_t)
-files_var_lib_filetrans(jabberd_t,jabberd_var_lib_t,file)
+manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
+files_var_lib_filetrans(jabberd_t, jabberd_var_lib_t, file)
-manage_files_pattern(jabberd_t,jabberd_log_t,jabberd_log_t)
-logging_log_filetrans(jabberd_t,jabberd_log_t,{ file dir })
+manage_files_pattern(jabberd_t, jabberd_log_t, jabberd_log_t)
+logging_log_filetrans(jabberd_t, jabberd_log_t, { file dir })
-manage_files_pattern(jabberd_t,jabberd_var_run_t,jabberd_var_run_t)
-files_pid_filetrans(jabberd_t,jabberd_var_run_t,file)
+manage_files_pattern(jabberd_t, jabberd_var_run_t, jabberd_var_run_t)
+files_pid_filetrans(jabberd_t, jabberd_var_run_t, file)
kernel_read_kernel_sysctls(jabberd_t)
kernel_list_proc(jabberd_t)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index 4d0fce5..8f11718 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -33,8 +33,7 @@
#
interface(`kerberos_use',`
gen_require(`
- type krb5_conf_t;
- type krb5kdc_conf_t;
+ type krb5_conf_t, krb5kdc_conf_t;
')
files_search_etc($1)
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index aea7afa..9f5725f 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -11,11 +11,11 @@ policy_module(kerberos, 1.7.0)
## Allow confined applications to run with kerberos.
##
##
-gen_tunable(allow_kerberos,false)
+gen_tunable(allow_kerberos, false)
type kadmind_t;
type kadmind_exec_t;
-init_daemon_domain(kadmind_t,kadmind_exec_t)
+init_daemon_domain(kadmind_t, kadmind_exec_t)
type kadmind_log_t;
logging_log_file(kadmind_log_t)
@@ -43,7 +43,7 @@ files_type(krb5kdc_principal_t)
type krb5kdc_t;
type krb5kdc_exec_t;
-init_daemon_domain(krb5kdc_t,krb5kdc_exec_t)
+init_daemon_domain(krb5kdc_t, krb5kdc_exec_t)
type krb5kdc_log_t;
logging_log_file(krb5kdc_log_t)
@@ -74,19 +74,19 @@ logging_log_filetrans(kadmind_t,kadmind_log_t,file)
allow kadmind_t krb5_conf_t:file read_file_perms;
dontaudit kadmind_t krb5_conf_t:file write;
-read_files_pattern(kadmind_t,krb5kdc_conf_t,krb5kdc_conf_t)
+read_files_pattern(kadmind_t, krb5kdc_conf_t, krb5kdc_conf_t)
dontaudit kadmind_t krb5kdc_conf_t:file { write setattr };
allow kadmind_t krb5kdc_principal_t:file { getattr lock read write setattr };
can_exec(kadmind_t, kadmind_exec_t)
-manage_dirs_pattern(kadmind_t,kadmind_tmp_t,kadmind_tmp_t)
-manage_files_pattern(kadmind_t,kadmind_tmp_t,kadmind_tmp_t)
+manage_dirs_pattern(kadmind_t, kadmind_tmp_t, kadmind_tmp_t)
+manage_files_pattern(kadmind_t, kadmind_tmp_t, kadmind_tmp_t)
files_tmp_filetrans(kadmind_t, kadmind_tmp_t, { file dir })
-manage_files_pattern(kadmind_t,kadmind_var_run_t,kadmind_var_run_t)
-files_pid_filetrans(kadmind_t,kadmind_var_run_t,file)
+manage_files_pattern(kadmind_t, kadmind_var_run_t, kadmind_var_run_t)
+files_pid_filetrans(kadmind_t, kadmind_var_run_t, file)
kernel_read_kernel_sysctls(kadmind_t)
kernel_list_proc(kadmind_t)
@@ -163,21 +163,21 @@ dontaudit krb5kdc_t krb5_conf_t:file write;
can_exec(krb5kdc_t, krb5kdc_exec_t)
-read_files_pattern(krb5kdc_t,krb5kdc_conf_t,krb5kdc_conf_t)
+read_files_pattern(krb5kdc_t, krb5kdc_conf_t, krb5kdc_conf_t)
dontaudit krb5kdc_t krb5kdc_conf_t:file write;
allow krb5kdc_t krb5kdc_log_t:file manage_file_perms;
-logging_log_filetrans(krb5kdc_t,krb5kdc_log_t,file)
+logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file)
allow krb5kdc_t krb5kdc_principal_t:file read_file_perms;
dontaudit krb5kdc_t krb5kdc_principal_t:file write;
-manage_dirs_pattern(krb5kdc_t,krb5kdc_tmp_t,krb5kdc_tmp_t)
-manage_files_pattern(krb5kdc_t,krb5kdc_tmp_t,krb5kdc_tmp_t)
+manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
files_tmp_filetrans(krb5kdc_t, krb5kdc_tmp_t, { file dir })
-manage_files_pattern(krb5kdc_t,krb5kdc_var_run_t,krb5kdc_var_run_t)
-files_pid_filetrans(krb5kdc_t,krb5kdc_var_run_t,file)
+manage_files_pattern(krb5kdc_t, krb5kdc_var_run_t, krb5kdc_var_run_t)
+files_pid_filetrans(krb5kdc_t, krb5kdc_var_run_t, file)
kernel_read_system_state(krb5kdc_t)
kernel_read_kernel_sysctls(krb5kdc_t)
diff --git a/policy/modules/services/ktalk.te b/policy/modules/services/ktalk.te
index 8594063..d4ac027 100644
--- a/policy/modules/services/ktalk.te
+++ b/policy/modules/services/ktalk.te
@@ -1,5 +1,5 @@
-policy_module(ktalk,1.6.0)
+policy_module(ktalk, 1.6.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(ktalk,1.6.0)
type ktalkd_t;
type ktalkd_exec_t;
-inetd_udp_service_domain(ktalkd_t,ktalkd_exec_t)
+inetd_udp_service_domain(ktalkd_t, ktalkd_exec_t)
role system_r types ktalkd_t;
type ktalkd_log_t;
@@ -40,14 +40,14 @@ optional_policy(`
#end for identd
allow ktalkd_t ktalkd_log_t:file manage_file_perms;
-logging_log_filetrans(ktalkd_t,ktalkd_log_t,file)
+logging_log_filetrans(ktalkd_t, ktalkd_log_t, file)
-manage_dirs_pattern(ktalkd_t,ktalkd_tmp_t,ktalkd_tmp_t)
-manage_files_pattern(ktalkd_t,ktalkd_tmp_t,ktalkd_tmp_t)
+manage_dirs_pattern(ktalkd_t, ktalkd_tmp_t, ktalkd_tmp_t)
+manage_files_pattern(ktalkd_t, ktalkd_tmp_t, ktalkd_tmp_t)
files_tmp_filetrans(ktalkd_t, ktalkd_tmp_t, { file dir })
-manage_files_pattern(ktalkd_t,ktalkd_var_run_t,ktalkd_var_run_t)
-files_pid_filetrans(ktalkd_t,ktalkd_var_run_t,file)
+manage_files_pattern(ktalkd_t, ktalkd_var_run_t, ktalkd_var_run_t)
+files_pid_filetrans(ktalkd_t, ktalkd_var_run_t, file)
kernel_read_kernel_sysctls(ktalkd_t)
kernel_read_system_state(ktalkd_t)
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
index a7be74a..862d1f8 100644
--- a/policy/modules/services/ldap.te
+++ b/policy/modules/services/ldap.te
@@ -8,7 +8,7 @@ policy_module(ldap, 1.7.0)
type slapd_t;
type slapd_exec_t;
-init_daemon_domain(slapd_t,slapd_exec_t)
+init_daemon_domain(slapd_t, slapd_exec_t)
type slapd_cert_t;
files_type(slapd_cert_t)
@@ -47,13 +47,13 @@ allow slapd_t self:udp_socket create_socket_perms;
allow slapd_t self:tcp_socket create_stream_socket_perms;
allow slapd_t slapd_cert_t:dir list_dir_perms;
-read_files_pattern(slapd_t,slapd_cert_t,slapd_cert_t)
-read_lnk_files_pattern(slapd_t,slapd_cert_t,slapd_cert_t)
+read_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
+read_lnk_files_pattern(slapd_t, slapd_cert_t, slapd_cert_t)
# Allow access to the slapd databases
-manage_dirs_pattern(slapd_t,slapd_db_t,slapd_db_t)
-manage_files_pattern(slapd_t,slapd_db_t,slapd_db_t)
-manage_lnk_files_pattern(slapd_t,slapd_db_t,slapd_db_t)
+manage_dirs_pattern(slapd_t, slapd_db_t, slapd_db_t)
+manage_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
+manage_lnk_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
allow slapd_t slapd_etc_t:file { getattr read };
@@ -61,17 +61,17 @@ allow slapd_t slapd_lock_t:file manage_file_perms;
files_lock_filetrans(slapd_t,slapd_lock_t,file)
# Allow access to write the replication log (should tighten this)
-manage_dirs_pattern(slapd_t,slapd_replog_t,slapd_replog_t)
-manage_files_pattern(slapd_t,slapd_replog_t,slapd_replog_t)
-manage_lnk_files_pattern(slapd_t,slapd_replog_t,slapd_replog_t)
+manage_dirs_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
+manage_files_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
+manage_lnk_files_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
-manage_dirs_pattern(slapd_t,slapd_tmp_t,slapd_tmp_t)
-manage_files_pattern(slapd_t,slapd_tmp_t,slapd_tmp_t)
+manage_dirs_pattern(slapd_t, slapd_tmp_t, slapd_tmp_t)
+manage_files_pattern(slapd_t, slapd_tmp_t, slapd_tmp_t)
files_tmp_filetrans(slapd_t, slapd_tmp_t, { file dir })
-manage_files_pattern(slapd_t,slapd_var_run_t,slapd_var_run_t)
-manage_sock_files_pattern(slapd_t,slapd_var_run_t,slapd_var_run_t)
-files_pid_filetrans(slapd_t,slapd_var_run_t,{ file sock_file })
+manage_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
+manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
+files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file })
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctls(slapd_t)
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 1d91026..5045eed 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -43,7 +43,7 @@ template(`lpd_per_role_template',`
#
# Derived domain based on the calling user domain and the program
type $1_lpr_t;
- application_domain($1_lpr_t,lpr_exec_t)
+ application_domain($1_lpr_t, lpr_exec_t)
role $3 types $1_lpr_t;
type $1_lpr_tmp_t;
@@ -77,24 +77,24 @@ template(`lpd_per_role_template',`
# Send SIGHUP to lpd.
allow $1_lpr_t lpd_t:process signal;
- manage_dirs_pattern($1_lpr_t,$1_lpr_tmp_t,$1_lpr_tmp_t)
- manage_files_pattern($1_lpr_t,$1_lpr_tmp_t,$1_lpr_tmp_t)
+ manage_dirs_pattern($1_lpr_t, $1_lpr_tmp_t, $1_lpr_tmp_t)
+ manage_files_pattern($1_lpr_t, $1_lpr_tmp_t, $1_lpr_tmp_t)
files_tmp_filetrans($1_lpr_t, $1_lpr_tmp_t, { file dir })
- manage_files_pattern($1_lpr_t,print_spool_t,$1_print_spool_t)
- filetrans_pattern($1_lpr_t,print_spool_t,$1_print_spool_t,file)
+ manage_files_pattern($1_lpr_t, print_spool_t, $1_print_spool_t)
+ filetrans_pattern($1_lpr_t, print_spool_t, $1_print_spool_t, file)
# Read and write shared files in the spool directory.
allow $1_lpr_t print_spool_t:file rw_file_perms;
allow $1_lpr_t printconf_t:dir list_dir_perms;
- read_files_pattern($1_lpr_t,printconf_t,printconf_t)
- read_lnk_files_pattern($1_lpr_t,printconf_t,printconf_t)
+ read_files_pattern($1_lpr_t, printconf_t, printconf_t)
+ read_lnk_files_pattern($1_lpr_t, printconf_t, printconf_t)
')
dontaudit $1_lpr_t $2:unix_stream_socket { read write };
# Transition from the user domain to the derived domain.
- domtrans_pattern($2,lpr_exec_t,$1_lpr_t)
+ domtrans_pattern($2, lpr_exec_t, $1_lpr_t)
allow $2 $1_lpr_t:process signull;
@@ -155,11 +155,11 @@ template(`lpd_per_role_template',`
tunable_policy(`read_untrusted_content',`
#list and read user specific untrusted content
- userdom_read_user_untrusted_content_files($1,$1_lpr_t)
+ userdom_read_user_untrusted_content_files($1, $1_lpr_t)
#list and read user specific temporary untrusted content
files_list_tmp($1_lpr_t)
- userdom_read_user_tmp_untrusted_content_files($1,$1_lpr_t)
+ userdom_read_user_tmp_untrusted_content_files($1, $1_lpr_t)
')
tunable_policy(`use_nfs_home_dirs',`
@@ -216,8 +216,7 @@ template(`lpd_per_role_template',`
#
template(`lpr_admin_template',`
gen_require(`
- type $1_lpr_t;
- type print_spool_t;
+ type $1_lpr_t, print_spool_t;
')
userdom_read_all_users_home_content_files($1_lpr_t)
@@ -247,7 +246,7 @@ interface(`lpd_domtrans_checkpc',`
type checkpc_t, checkpc_exec_t;
')
- domtrans_pattern($1,checkpc_exec_t,checkpc_t)
+ domtrans_pattern($1, checkpc_exec_t, checkpc_t)
')
########################################
@@ -317,7 +316,7 @@ interface(`lpd_read_spool',`
')
files_search_spool($1)
- read_files_pattern($1,print_spool_t,print_spool_t)
+ read_files_pattern($1, print_spool_t, print_spool_t)
')
########################################
@@ -376,7 +375,7 @@ interface(`lpd_read_config',`
')
allow $1 printconf_t:dir list_dir_perms;
- read_files_pattern($1,printconf_t,printconf_t)
+ read_files_pattern($1, printconf_t, printconf_t)
')
########################################
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index 77d209d..d44f211 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -11,11 +11,11 @@ policy_module(lpd, 1.10.0)
## Use lpd server instead of cups
##
##
-gen_tunable(use_lpd_server,false)
+gen_tunable(use_lpd_server, false)
type checkpc_t;
type checkpc_exec_t;
-init_system_domain(checkpc_t,checkpc_exec_t)
+init_system_domain(checkpc_t, checkpc_exec_t)
role system_r types checkpc_t;
type checkpc_log_t;
@@ -23,7 +23,7 @@ logging_log_file(checkpc_log_t)
type lpd_t;
type lpd_exec_t;
-init_daemon_domain(lpd_t,lpd_exec_t)
+init_daemon_domain(lpd_t, lpd_exec_t)
type lpd_tmp_t;
files_tmp_file(lpd_tmp_t)
@@ -58,13 +58,13 @@ allow checkpc_t self:tcp_socket create_socket_perms;
allow checkpc_t self:udp_socket create_socket_perms;
allow checkpc_t checkpc_log_t:file manage_file_perms;
-logging_log_filetrans(checkpc_t,checkpc_log_t,file)
+logging_log_filetrans(checkpc_t, checkpc_log_t, file)
allow checkpc_t lpd_var_run_t:dir search_dir_perms;
files_search_pids(checkpc_t)
-rw_files_pattern(checkpc_t,print_spool_t,print_spool_t)
-delete_files_pattern(checkpc_t,print_spool_t,print_spool_t)
+rw_files_pattern(checkpc_t, print_spool_t, print_spool_t)
+delete_files_pattern(checkpc_t, print_spool_t, print_spool_t)
files_search_spool(checkpc_t)
allow checkpc_t printconf_t:file getattr;
@@ -104,7 +104,7 @@ libs_use_shared_libs(checkpc_t)
sysnet_read_config(checkpc_t)
optional_policy(`
- cron_system_entry(checkpc_t,checkpc_exec_t)
+ cron_system_entry(checkpc_t, checkpc_exec_t)
')
optional_policy(`
@@ -129,16 +129,16 @@ allow lpd_t self:unix_dgram_socket create_socket_perms;
allow lpd_t self:tcp_socket create_stream_socket_perms;
allow lpd_t self:udp_socket create_stream_socket_perms;
-manage_dirs_pattern(lpd_t,lpd_tmp_t,lpd_tmp_t)
-manage_files_pattern(lpd_t,lpd_tmp_t,lpd_tmp_t)
+manage_dirs_pattern(lpd_t, lpd_tmp_t, lpd_tmp_t)
+manage_files_pattern(lpd_t, lpd_tmp_t, lpd_tmp_t)
files_tmp_filetrans(lpd_t, lpd_tmp_t, { file dir })
-manage_files_pattern(lpd_t,lpd_var_run_t,lpd_var_run_t)
-manage_sock_files_pattern(lpd_t,lpd_var_run_t,lpd_var_run_t)
-files_pid_filetrans(lpd_t,lpd_var_run_t,file)
+manage_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
+manage_sock_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
+files_pid_filetrans(lpd_t, lpd_var_run_t, file)
# Write to /var/spool/lpd.
-manage_files_pattern(lpd_t,print_spool_t,print_spool_t)
+manage_files_pattern(lpd_t, print_spool_t, print_spool_t)
files_search_spool(lpd_t)
# lpd must be able to execute the filter utilities in /usr/share/printconf.
@@ -147,7 +147,7 @@ can_exec(lpd_t, printconf_t)
# Create and bind to /dev/printer.
allow lpd_t printer_t:lnk_file manage_lnk_file_perms;
-dev_filetrans(lpd_t,printer_t,lnk_file)
+dev_filetrans(lpd_t, printer_t, lnk_file)
kernel_read_kernel_sysctls(lpd_t)
# bash wants access to /proc/meminfo
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
index af7276a..dfe403b 100644
--- a/policy/modules/services/mailman.if
+++ b/policy/modules/services/mailman.if
@@ -31,18 +31,18 @@ template(`mailman_domain_template', `
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
- manage_dirs_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
- manage_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
- manage_lnk_files_pattern(mailman_$1_t,mailman_data_t,mailman_data_t)
+ manage_dirs_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
+ manage_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
+ manage_lnk_files_pattern(mailman_$1_t, mailman_data_t, mailman_data_t)
- manage_files_pattern(mailman_$1_t,mailman_lock_t,mailman_lock_t)
- files_lock_filetrans(mailman_$1_t,mailman_lock_t,file)
+ manage_files_pattern(mailman_$1_t, mailman_lock_t, mailman_lock_t)
+ files_lock_filetrans(mailman_$1_t, mailman_lock_t, file)
- manage_files_pattern(mailman_$1_t,mailman_log_t,mailman_log_t)
- logging_log_filetrans(mailman_$1_t,mailman_log_t,file)
+ manage_files_pattern(mailman_$1_t, mailman_log_t, mailman_log_t)
+ logging_log_filetrans(mailman_$1_t, mailman_log_t, file)
- manage_dirs_pattern(mailman_$1_t,mailman_$1_tmp_t,mailman_$1_tmp_t)
- manage_files_pattern(mailman_$1_t,mailman_$1_tmp_t,mailman_$1_tmp_t)
+ manage_dirs_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
+ manage_files_pattern(mailman_$1_t, mailman_$1_tmp_t, mailman_$1_tmp_t)
files_tmp_filetrans(mailman_$1_t, mailman_$1_tmp_t, { file dir })
kernel_read_kernel_sysctls(mailman_$1_t)
@@ -138,7 +138,7 @@ interface(`mailman_exec',`
type mailman_mail_exec_t;
')
- can_exec($1,mailman_mail_exec_t)
+ can_exec($1, mailman_mail_exec_t)
')
#######################################
@@ -192,7 +192,7 @@ interface(`mailman_read_data_files',`
type mailman_data_t;
')
- read_files_pattern($1,mailman_data_t,mailman_data_t)
+ read_files_pattern($1, mailman_data_t, mailman_data_t)
')
#######################################
@@ -211,7 +211,7 @@ interface(`mailman_manage_data_files',`
type mailman_data_t;
')
- manage_files_pattern($1,mailman_data_t,mailman_data_t)
+ manage_files_pattern($1, mailman_data_t, mailman_data_t)
')
#######################################
@@ -247,7 +247,7 @@ interface(`mailman_read_data_symlinks',`
type mailman_data_t;
')
- read_lnk_files_pattern($1,mailman_data_t,mailman_data_t)
+ read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
')
#######################################
@@ -265,7 +265,7 @@ interface(`mailman_append_log',`
type mailman_log_t;
')
- append_files_pattern($1,mailman_log_t,mailman_log_t)
+ append_files_pattern($1, mailman_log_t, mailman_log_t)
')
#######################################
@@ -284,8 +284,8 @@ interface(`mailman_manage_log',`
type mailman_log_t;
')
- manage_files_pattern($1,mailman_log_t,mailman_log_t)
- manage_lnk_files_pattern($1,mailman_log_t,mailman_log_t)
+ manage_files_pattern($1, mailman_log_t, mailman_log_t)
+ manage_lnk_files_pattern($1, mailman_log_t, mailman_log_t)
')
#######################################
@@ -304,8 +304,8 @@ interface(`mailman_read_archive',`
')
allow $1 mailman_archive_t:dir list_dir_perms;
- read_files_pattern($1,mailman_archive_t,mailman_archive_t)
- read_lnk_files_pattern($1,mailman_archive_t,mailman_archive_t)
+ read_files_pattern($1, mailman_archive_t, mailman_archive_t)
+ read_lnk_files_pattern($1, mailman_archive_t, mailman_archive_t)
')
#######################################
diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te
index aefa358..ea67c12 100644
--- a/policy/modules/services/mailman.te
+++ b/policy/modules/services/mailman.te
@@ -21,7 +21,7 @@ type mailman_lock_t;
files_lock_file(mailman_lock_t)
mailman_domain_template(mail)
-init_daemon_domain(mailman_mail_t,mailman_mail_exec_t)
+init_daemon_domain(mailman_mail_t, mailman_mail_exec_t)
mailman_domain_template(queue)
@@ -38,9 +38,9 @@ mailman_domain_template(queue)
optional_policy(`
dev_read_urand(mailman_cgi_t)
- manage_dirs_pattern(mailman_cgi_t,mailman_archive_t,mailman_archive_t)
- manage_files_pattern(mailman_cgi_t,mailman_archive_t,mailman_archive_t)
- manage_lnk_files_pattern(mailman_cgi_t,mailman_archive_t,mailman_archive_t)
+ manage_dirs_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
+ manage_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
+ manage_lnk_files_pattern(mailman_cgi_t, mailman_archive_t, mailman_archive_t)
files_search_spool(mailman_cgi_t)
@@ -86,9 +86,9 @@ allow mailman_queue_t self:process signal;
allow mailman_queue_t self:fifo_file rw_fifo_file_perms;
allow mailman_queue_t self:unix_dgram_socket create_socket_perms;
-manage_dirs_pattern(mailman_queue_t,mailman_archive_t,mailman_archive_t)
-manage_files_pattern(mailman_queue_t,mailman_archive_t,mailman_archive_t)
-manage_lnk_files_pattern(mailman_queue_t,mailman_archive_t,mailman_archive_t)
+manage_dirs_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
+manage_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
+manage_lnk_files_pattern(mailman_queue_t, mailman_archive_t, mailman_archive_t)
kernel_read_proc_symlinks(mailman_queue_t)
@@ -106,5 +106,5 @@ su_exec(mailman_queue_t)
sysadm_search_home_dirs(mailman_queue_t)
optional_policy(`
- cron_system_entry(mailman_queue_t,mailman_queue_exec_t)
+ cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
')
diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te
index 58430ab..eb4880a 100644
--- a/policy/modules/services/monop.te
+++ b/policy/modules/services/monop.te
@@ -8,7 +8,7 @@ policy_module(monop, 1.5.0)
type monopd_t;
type monopd_exec_t;
-init_daemon_domain(monopd_t,monopd_exec_t)
+init_daemon_domain(monopd_t, monopd_exec_t)
type monopd_etc_t;
files_config_file(monopd_etc_t)
@@ -33,11 +33,11 @@ allow monopd_t monopd_etc_t:file { getattr read };
files_search_etc(monopd_t)
allow monopd_t monopd_share_t:dir list_dir_perms;
-read_files_pattern(monopd_t,monopd_share_t,monopd_share_t)
-read_lnk_files_pattern(monopd_t,monopd_share_t,monopd_share_t)
+read_files_pattern(monopd_t, monopd_share_t, monopd_share_t)
+read_lnk_files_pattern(monopd_t, monopd_share_t, monopd_share_t)
-manage_files_pattern(monopd_t,monopd_var_run_t,monopd_var_run_t)
-files_pid_filetrans(monopd_t,monopd_var_run_t,file)
+manage_files_pattern(monopd_t, monopd_var_run_t, monopd_var_run_t)
+files_pid_filetrans(monopd_t, monopd_var_run_t, file)
kernel_read_kernel_sysctls(monopd_t)
kernel_list_proc(monopd_t)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index c2b8382..7399a58 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -51,7 +51,7 @@ template(`mta_base_mail_template',`
#
type $1_mail_t, user_mail_domain;
- application_domain($1_mail_t,sendmail_exec_t)
+ application_domain($1_mail_t, sendmail_exec_t)
type $1_mail_tmp_t;
files_tmp_file($1_mail_tmp_t)
@@ -113,15 +113,15 @@ template(`mta_base_mail_template',`
type etc_mail_t, mail_spool_t, mqueue_spool_t;
')
- manage_dirs_pattern($1_mail_t,$1_mail_tmp_t,$1_mail_tmp_t)
- manage_files_pattern($1_mail_t,$1_mail_tmp_t,$1_mail_tmp_t)
+ manage_dirs_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
+ manage_files_pattern($1_mail_t, $1_mail_tmp_t, $1_mail_tmp_t)
files_tmp_filetrans($1_mail_t, $1_mail_tmp_t, { file dir })
allow $1_mail_t etc_mail_t:dir { getattr search };
# Write to /var/spool/mail and /var/spool/mqueue.
- manage_files_pattern($1_mail_t,mail_spool_t,mail_spool_t)
- manage_files_pattern($1_mail_t,mqueue_spool_t,mqueue_spool_t)
+ manage_files_pattern($1_mail_t, mail_spool_t, mail_spool_t)
+ manage_files_pattern($1_mail_t, mqueue_spool_t, mqueue_spool_t)
# Check available space.
fs_getattr_xattr_fs($1_mail_t)
@@ -194,26 +194,26 @@ template(`mta_per_role_template',`
domain_use_interactive_fds($1_mail_t)
- userdom_use_user_terminals($1,$1_mail_t)
+ userdom_use_user_terminals($1, $1_mail_t)
# Write to the user domain tty. cjp: why?
- userdom_use_user_terminals($1,mta_user_agent)
+ userdom_use_user_terminals($1, mta_user_agent)
# Create dead.letter in user home directories.
- userdom_manage_user_home_content_files($1,$1_mail_t)
- userdom_user_home_dir_filetrans_user_home_content($1,$1_mail_t,file)
+ userdom_manage_user_home_content_files($1, $1_mail_t)
+ userdom_user_home_dir_filetrans_user_home_content($1, $1_mail_t, file)
# for reading .forward - maybe we need a new type for it?
# also for delivering mail to maildir
- userdom_manage_user_home_content_dirs($1,mailserver_delivery)
- userdom_manage_user_home_content_files($1,mailserver_delivery)
- userdom_manage_user_home_content_symlinks($1,mailserver_delivery)
- userdom_manage_user_home_content_pipes($1,mailserver_delivery)
- userdom_manage_user_home_content_sockets($1,mailserver_delivery)
- userdom_user_home_dir_filetrans_user_home_content($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
+ userdom_manage_user_home_content_dirs($1, mailserver_delivery)
+ userdom_manage_user_home_content_files($1, mailserver_delivery)
+ userdom_manage_user_home_content_symlinks($1, mailserver_delivery)
+ userdom_manage_user_home_content_pipes($1, mailserver_delivery)
+ userdom_manage_user_home_content_sockets($1, mailserver_delivery)
+ userdom_user_home_dir_filetrans_user_home_content($1, mailserver_delivery, { dir file lnk_file fifo_file sock_file })
# Read user temporary files.
- userdom_read_user_tmp_files($1,$1_mail_t)
- userdom_dontaudit_append_user_tmp_files($1,$1_mail_t)
+ userdom_read_user_tmp_files($1, $1_mail_t)
+ userdom_dontaudit_append_user_tmp_files($1, $1_mail_t)
# cjp: this should probably be read all user tmp
# files in an appropriate place for mta_user_agent
- userdom_read_user_tmp_files($1,mta_user_agent)
+ userdom_read_user_tmp_files($1, mta_user_agent)
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files($1_mail_t)
@@ -225,7 +225,7 @@ template(`mta_per_role_template',`
# Read user temporary files.
# postfix seems to need write access if the file handle is opened read/write
- userdom_rw_user_tmp_files($1,$1_mail_t)
+ userdom_rw_user_tmp_files($1, $1_mail_t)
postfix_read_config($1_mail_t)
postfix_list_spool($1_mail_t)
@@ -266,12 +266,12 @@ template(`mta_admin_template',`
allow mta_user_agent $2:fifo_file { read write };
- manage_dirs_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
- manage_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
- manage_lnk_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
- manage_fifo_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
- manage_sock_files_pattern($1_mail_t,etc_aliases_t,etc_aliases_t)
- files_etc_filetrans($1_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_files_pattern($1_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_lnk_files_pattern($1_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_fifo_files_pattern($1_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_sock_files_pattern($1_mail_t, etc_aliases_t, etc_aliases_t)
+ files_etc_filetrans($1_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
# postfix needs this for newaliases
files_getattr_tmp_dirs($1_mail_t)
@@ -280,7 +280,7 @@ template(`mta_admin_template',`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_config_filetrans($1_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_config_filetrans($1_mail_t, etc_aliases_t, { dir file lnk_file sock_file fifo_file })
')
')
')
@@ -383,10 +383,10 @@ interface(`mta_mailserver_delivery',`
typeattribute $1 mailserver_delivery;
allow $1 mail_spool_t:dir list_dir_perms;
- create_files_pattern($1,mail_spool_t,mail_spool_t)
- read_files_pattern($1,mail_spool_t,mail_spool_t)
- create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
- read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
+ create_files_pattern($1, mail_spool_t, mail_spool_t)
+ read_files_pattern($1, mail_spool_t, mail_spool_t)
+ create_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+ read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
optional_policy(`
dovecot_manage_spool($1)
@@ -488,7 +488,7 @@ interface(`mta_sendmail_domtrans',`
files_search_usr($1)
corecmd_read_bin_symlinks($1)
- domain_auto_trans($1,sendmail_exec_t,$2)
+ domain_auto_trans($1, sendmail_exec_t, $2)
')
########################################
@@ -527,8 +527,8 @@ interface(`mta_read_config',`
files_search_etc($1)
allow $1 etc_mail_t:dir list_dir_perms;
- read_files_pattern($1,etc_mail_t,etc_mail_t)
- read_lnk_files_pattern($1,etc_mail_t,etc_mail_t)
+ read_files_pattern($1, etc_mail_t, etc_mail_t)
+ read_lnk_files_pattern($1, etc_mail_t, etc_mail_t)
')
########################################
@@ -566,7 +566,7 @@ interface(`mta_etc_filetrans_aliases',`
type etc_aliases_t;
')
- files_etc_filetrans($1,etc_aliases_t, file)
+ files_etc_filetrans($1, etc_aliases_t, file)
')
########################################
@@ -711,7 +711,7 @@ interface(`mta_spool_filetrans',`
')
files_search_spool($1)
- filetrans_pattern($1,mail_spool_t,$2,$3)
+ filetrans_pattern($1, mail_spool_t, $2, $3)
')
########################################
@@ -732,8 +732,8 @@ interface(`mta_rw_spool',`
files_search_spool($1)
allow $1 mail_spool_t:dir list_dir_perms;
allow $1 mail_spool_t:file setattr;
- rw_files_pattern($1,mail_spool_t,mail_spool_t)
- read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
+ rw_files_pattern($1, mail_spool_t, mail_spool_t)
+ read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
')
#######################################
@@ -753,9 +753,9 @@ interface(`mta_append_spool',`
files_search_spool($1)
allow $1 mail_spool_t:dir list_dir_perms;
- create_files_pattern($1,mail_spool_t,mail_spool_t)
- write_files_pattern($1,mail_spool_t,mail_spool_t)
- read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
+ create_files_pattern($1, mail_spool_t, mail_spool_t)
+ write_files_pattern($1, mail_spool_t, mail_spool_t)
+ read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
')
#######################################
@@ -774,7 +774,7 @@ interface(`mta_delete_spool',`
')
files_search_spool($1)
- delete_files_pattern($1,mail_spool_t,mail_spool_t)
+ delete_files_pattern($1, mail_spool_t, mail_spool_t)
')
########################################
@@ -793,9 +793,9 @@ interface(`mta_manage_spool',`
')
files_search_spool($1)
- manage_dirs_pattern($1,mail_spool_t,mail_spool_t)
- manage_files_pattern($1,mail_spool_t,mail_spool_t)
- manage_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
+ manage_dirs_pattern($1, mail_spool_t, mail_spool_t)
+ manage_files_pattern($1, mail_spool_t, mail_spool_t)
+ manage_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
')
########################################
@@ -854,7 +854,7 @@ interface(`mta_manage_queue',`
')
files_search_spool($1)
- manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t)
+ manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
')
#######################################
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 4a5934b..f31347d 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -39,7 +39,7 @@ role system_r types system_mail_t;
# newalias required this, not sure if it is needed in 'if' file
allow system_mail_t self:capability { dac_override };
-read_files_pattern(system_mail_t,etc_mail_t,etc_mail_t)
+read_files_pattern(system_mail_t, etc_mail_t, etc_mail_t)
kernel_read_system_state(system_mail_t)
kernel_read_network_state(system_mail_t)
@@ -93,12 +93,12 @@ optional_policy(`
')
optional_policy(`
- manage_dirs_pattern(system_mail_t,etc_aliases_t,etc_aliases_t)
- manage_files_pattern(system_mail_t,etc_aliases_t,etc_aliases_t)
- manage_lnk_files_pattern(system_mail_t,etc_aliases_t,etc_aliases_t)
- manage_fifo_files_pattern(system_mail_t,etc_aliases_t,etc_aliases_t)
- manage_sock_files_pattern(system_mail_t,etc_aliases_t,etc_aliases_t)
- files_etc_filetrans(system_mail_t,etc_aliases_t,{ file lnk_file sock_file fifo_file })
+ manage_dirs_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_lnk_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_fifo_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
+ manage_sock_files_pattern(system_mail_t, etc_aliases_t, etc_aliases_t)
+ files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
domain_use_interactive_fds(system_mail_t)
@@ -111,7 +111,7 @@ optional_policy(`
ifdef(`distro_redhat',`
# compatability for old default main.cf
- postfix_config_filetrans(system_mail_t,etc_aliases_t,{ dir file lnk_file sock_file fifo_file })
+ postfix_config_filetrans(system_mail_t, etc_aliases_t, { dir file lnk_file sock_file fifo_file })
')
optional_policy(`
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index 8c982c5..2a7f58f 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -8,7 +8,7 @@ policy_module(munin, 1.5.0)
type munin_t alias lrrd_t;
type munin_exec_t alias lrrd_exec_t;
-init_daemon_domain(munin_t,munin_exec_t)
+init_daemon_domain(munin_t, munin_exec_t)
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -39,26 +39,26 @@ allow munin_t self:tcp_socket create_stream_socket_perms;
allow munin_t self:udp_socket create_socket_perms;
allow munin_t munin_etc_t:dir list_dir_perms;
-read_files_pattern(munin_t,munin_etc_t,munin_etc_t)
-read_lnk_files_pattern(munin_t,munin_etc_t,munin_etc_t)
+read_files_pattern(munin_t, munin_etc_t, munin_etc_t)
+read_lnk_files_pattern(munin_t, munin_etc_t, munin_etc_t)
files_search_etc(munin_t)
allow munin_t munin_log_t:file manage_file_perms;
-logging_log_filetrans(munin_t,munin_log_t,file)
+logging_log_filetrans(munin_t, munin_log_t, file)
-manage_dirs_pattern(munin_t,munin_tmp_t,munin_tmp_t)
-manage_files_pattern(munin_t,munin_tmp_t,munin_tmp_t)
+manage_dirs_pattern(munin_t, munin_tmp_t, munin_tmp_t)
+manage_files_pattern(munin_t, munin_tmp_t, munin_tmp_t)
files_tmp_filetrans(munin_t, munin_tmp_t, { file dir })
# Allow access to the munin databases
-manage_dirs_pattern(munin_t,munin_var_lib_t,munin_var_lib_t)
-manage_files_pattern(munin_t,munin_var_lib_t,munin_var_lib_t)
-manage_lnk_files_pattern(munin_t,munin_var_lib_t,munin_var_lib_t)
+manage_dirs_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
+manage_files_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
+manage_lnk_files_pattern(munin_t, munin_var_lib_t, munin_var_lib_t)
files_search_var_lib(munin_t)
-manage_files_pattern(munin_t,munin_var_run_t,munin_var_run_t)
-manage_sock_files_pattern(munin_t,munin_var_run_t,munin_var_run_t)
-files_pid_filetrans(munin_t,munin_var_run_t,file)
+manage_files_pattern(munin_t, munin_var_run_t, munin_var_run_t)
+manage_sock_files_pattern(munin_t, munin_var_run_t, munin_var_run_t)
+files_pid_filetrans(munin_t, munin_var_run_t, file)
kernel_read_system_state(munin_t)
kernel_read_kernel_sysctls(munin_t)
diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if
index 2f14308..75b3476 100644
--- a/policy/modules/services/mysql.if
+++ b/policy/modules/services/mysql.if
@@ -34,7 +34,7 @@ interface(`mysql_stream_connect',`
type mysqld_t, mysqld_var_run_t;
')
- stream_connect_pattern($1,mysqld_var_run_t,mysqld_var_run_t,mysqld_t)
+ stream_connect_pattern($1, mysqld_var_run_t, mysqld_var_run_t, mysqld_t)
')
########################################
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index dfa10cf..e19ce51 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -8,7 +8,7 @@ policy_module(mysql, 1.8.0)
type mysqld_t;
type mysqld_exec_t;
-init_daemon_domain(mysqld_t,mysqld_exec_t)
+init_daemon_domain(mysqld_t, mysqld_exec_t)
type mysqld_var_run_t;
files_pid_file(mysqld_var_run_t)
@@ -38,20 +38,20 @@ allow mysqld_t self:unix_stream_socket create_stream_socket_perms;
allow mysqld_t self:tcp_socket create_stream_socket_perms;
allow mysqld_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(mysqld_t,mysqld_db_t,mysqld_db_t)
-manage_files_pattern(mysqld_t,mysqld_db_t,mysqld_db_t)
-manage_lnk_files_pattern(mysqld_t,mysqld_db_t,mysqld_db_t)
-files_var_lib_filetrans(mysqld_t,mysqld_db_t,{ dir file })
+manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
+manage_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
+manage_lnk_files_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
+files_var_lib_filetrans(mysqld_t, mysqld_db_t, { dir file })
allow mysqld_t mysqld_etc_t:file { getattr read };
allow mysqld_t mysqld_etc_t:lnk_file { getattr read };
allow mysqld_t mysqld_etc_t:dir list_dir_perms;
allow mysqld_t mysqld_log_t:file manage_file_perms;
-logging_log_filetrans(mysqld_t,mysqld_log_t,file)
+logging_log_filetrans(mysqld_t, mysqld_log_t, file)
-manage_dirs_pattern(mysqld_t,mysqld_tmp_t,mysqld_tmp_t)
-manage_files_pattern(mysqld_t,mysqld_tmp_t,mysqld_tmp_t)
+manage_dirs_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
+manage_files_pattern(mysqld_t, mysqld_tmp_t, mysqld_tmp_t)
files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir })
manage_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
index d34c035..c76ba8b 100644
--- a/policy/modules/services/nagios.if
+++ b/policy/modules/services/nagios.if
@@ -58,7 +58,7 @@ interface(`nagios_domtrans_cgi',`
type nagios_cgi_t, nagios_cgi_exec_t;
')
- domtrans_pattern($1,nagios_cgi_exec_t,nagios_cgi_t)
+ domtrans_pattern($1, nagios_cgi_exec_t, nagios_cgi_t)
')
########################################
@@ -77,5 +77,5 @@ interface(`nagios_domtrans_nrpe',`
type nrpe_t, nrpe_exec_t;
')
- domtrans_pattern($1,nrpe_exec_t,nrpe_t)
+ domtrans_pattern($1, nrpe_exec_t, nrpe_t)
')
diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te
index 5934f20..eda0e12 100644
--- a/policy/modules/services/nessus.te
+++ b/policy/modules/services/nessus.te
@@ -8,7 +8,7 @@ policy_module(nessus, 1.5.0)
type nessusd_t;
type nessusd_exec_t;
-init_daemon_domain(nessusd_t,nessusd_exec_t)
+init_daemon_domain(nessusd_t, nessusd_exec_t)
type nessusd_db_t;
files_type(nessusd_db_t)
@@ -37,19 +37,19 @@ allow nessusd_t self:rawip_socket create_socket_perms;
allow nessusd_t self:packet_socket create_socket_perms;
# Allow access to the nessusd authentication database
-manage_dirs_pattern(nessusd_t,nessusd_db_t,nessusd_db_t)
-manage_files_pattern(nessusd_t,nessusd_db_t,nessusd_db_t)
-manage_lnk_files_pattern(nessusd_t,nessusd_db_t,nessusd_db_t)
+manage_dirs_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
+manage_files_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
+manage_lnk_files_pattern(nessusd_t, nessusd_db_t, nessusd_db_t)
files_list_var_lib(nessusd_t)
allow nessusd_t nessusd_etc_t:file { getattr read };
files_search_etc(nessusd_t)
-manage_files_pattern(nessusd_t,nessusd_log_t,nessusd_log_t)
-logging_log_filetrans(nessusd_t,nessusd_log_t,{ file dir })
+manage_files_pattern(nessusd_t, nessusd_log_t, nessusd_log_t)
+logging_log_filetrans(nessusd_t, nessusd_log_t, { file dir })
-manage_files_pattern(nessusd_t,nessusd_var_run_t,nessusd_var_run_t)
-files_pid_filetrans(nessusd_t,nessusd_var_run_t,file)
+manage_files_pattern(nessusd_t, nessusd_var_run_t, nessusd_var_run_t)
+files_pid_filetrans(nessusd_t, nessusd_var_run_t, file)
kernel_read_system_state(nessusd_t)
kernel_read_kernel_sysctls(nessusd_t)
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index dfb48ea..9e9d836 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -74,7 +74,7 @@ interface(`networkmanager_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,NetworkManager_exec_t,NetworkManager_t)
+ domtrans_pattern($1, NetworkManager_exec_t, NetworkManager_t)
')
########################################
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index b560b86..fc92ba1 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -8,7 +8,7 @@ policy_module(networkmanager, 1.10.0)
type NetworkManager_t;
type NetworkManager_exec_t;
-init_daemon_domain(NetworkManager_t,NetworkManager_exec_t)
+init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t)
@@ -33,9 +33,9 @@ allow NetworkManager_t self:packet_socket create_socket_perms;
can_exec(NetworkManager_t, NetworkManager_exec_t)
-manage_dirs_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
-manage_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
-manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
+manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
+manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
+manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
kernel_read_system_state(NetworkManager_t)
@@ -130,7 +130,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
+ dbus_system_bus_client_template(NetworkManager, NetworkManager_t)
dbus_connect_system_bus(NetworkManager_t)
')
diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if
index 2132e42..f1196e1 100644
--- a/policy/modules/services/nis.if
+++ b/policy/modules/services/nis.if
@@ -101,7 +101,7 @@ interface(`nis_domtrans_ypbind',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,ypbind_exec_t,ypbind_t)
+ domtrans_pattern($1, ypbind_exec_t, ypbind_t)
')
########################################
@@ -242,5 +242,5 @@ interface(`nis_domtrans_ypxfr',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,ypxfr_exec_t,ypxfr_t)
+ domtrans_pattern($1, ypxfr_exec_t, ypxfr_t)
')
diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
index cdc6565..9cec5d3 100644
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@@ -11,7 +11,7 @@ files_type(var_yp_t)
type ypbind_t;
type ypbind_exec_t;
-init_daemon_domain(ypbind_t,ypbind_exec_t)
+init_daemon_domain(ypbind_t, ypbind_exec_t)
type ypbind_tmp_t;
files_tmp_file(ypbind_tmp_t)
@@ -21,7 +21,7 @@ files_pid_file(ypbind_var_run_t)
type yppasswdd_t;
type yppasswdd_exec_t;
-init_daemon_domain(yppasswdd_t,yppasswdd_exec_t)
+init_daemon_domain(yppasswdd_t, yppasswdd_exec_t)
domain_obj_id_change_exemption(yppasswdd_t)
type yppasswdd_var_run_t;
@@ -29,7 +29,7 @@ files_pid_file(yppasswdd_var_run_t)
type ypserv_t;
type ypserv_exec_t;
-init_daemon_domain(ypserv_t,ypserv_exec_t)
+init_daemon_domain(ypserv_t, ypserv_exec_t)
type ypserv_conf_t;
files_type(ypserv_conf_t)
@@ -42,7 +42,7 @@ files_pid_file(ypserv_var_run_t)
type ypxfr_t;
type ypxfr_exec_t;
-init_daemon_domain(ypxfr_t,ypxfr_exec_t)
+init_daemon_domain(ypxfr_t, ypxfr_exec_t)
########################################
#
@@ -56,14 +56,14 @@ allow ypbind_t self:netlink_route_socket r_netlink_socket_perms;
allow ypbind_t self:tcp_socket create_stream_socket_perms;
allow ypbind_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(ypbind_t,ypbind_tmp_t,ypbind_tmp_t)
-manage_files_pattern(ypbind_t,ypbind_tmp_t,ypbind_tmp_t)
+manage_dirs_pattern(ypbind_t, ypbind_tmp_t, ypbind_tmp_t)
+manage_files_pattern(ypbind_t, ypbind_tmp_t, ypbind_tmp_t)
files_tmp_filetrans(ypbind_t, ypbind_tmp_t, { file dir })
-manage_files_pattern(ypbind_t,ypbind_var_run_t,ypbind_var_run_t)
-files_pid_filetrans(ypbind_t,ypbind_var_run_t,file)
+manage_files_pattern(ypbind_t, ypbind_var_run_t, ypbind_var_run_t)
+files_pid_filetrans(ypbind_t, ypbind_var_run_t, file)
-manage_files_pattern(ypbind_t,var_yp_t,var_yp_t)
+manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
kernel_read_kernel_sysctls(ypbind_t)
kernel_list_proc(ypbind_t)
@@ -136,11 +136,11 @@ allow yppasswdd_t self:netlink_route_socket r_netlink_socket_perms;
allow yppasswdd_t self:tcp_socket create_stream_socket_perms;
allow yppasswdd_t self:udp_socket create_socket_perms;
-manage_files_pattern(yppasswdd_t,yppasswdd_var_run_t,yppasswdd_var_run_t)
-files_pid_filetrans(yppasswdd_t,yppasswdd_var_run_t,file)
+manage_files_pattern(yppasswdd_t, yppasswdd_var_run_t, yppasswdd_var_run_t)
+files_pid_filetrans(yppasswdd_t, yppasswdd_var_run_t, file)
-manage_files_pattern(yppasswdd_t,var_yp_t,var_yp_t)
-manage_lnk_files_pattern(yppasswdd_t,var_yp_t,var_yp_t)
+manage_files_pattern(yppasswdd_t, var_yp_t, var_yp_t)
+manage_lnk_files_pattern(yppasswdd_t, var_yp_t, var_yp_t)
kernel_list_proc(yppasswdd_t)
kernel_read_proc_symlinks(yppasswdd_t)
@@ -226,12 +226,12 @@ manage_files_pattern(ypserv_t,var_yp_t,var_yp_t)
allow ypserv_t ypserv_conf_t:file { getattr read };
-manage_dirs_pattern(ypserv_t,ypserv_tmp_t,ypserv_tmp_t)
-manage_files_pattern(ypserv_t,ypserv_tmp_t,ypserv_tmp_t)
+manage_dirs_pattern(ypserv_t, ypserv_tmp_t, ypserv_tmp_t)
+manage_files_pattern(ypserv_t, ypserv_tmp_t, ypserv_tmp_t)
files_tmp_filetrans(ypserv_t, ypserv_tmp_t, { file dir })
-manage_files_pattern(ypserv_t,ypserv_var_run_t,ypserv_var_run_t)
-files_pid_filetrans(ypserv_t,ypserv_var_run_t,file)
+manage_files_pattern(ypserv_t, ypserv_var_run_t, ypserv_var_run_t)
+files_pid_filetrans(ypserv_t, ypserv_var_run_t, file)
kernel_read_kernel_sysctls(ypserv_t)
kernel_list_proc(ypserv_t)
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index 7412c97..732e5e8 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -34,7 +34,7 @@ interface(`nscd_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,nscd_exec_t,nscd_t)
+ domtrans_pattern($1, nscd_exec_t, nscd_t)
')
########################################
@@ -53,7 +53,7 @@ interface(`nscd_exec',`
type nscd_exec_t;
')
- can_exec($1,nscd_exec_t)
+ can_exec($1, nscd_exec_t)
')
########################################
@@ -80,7 +80,7 @@ interface(`nscd_socket_use',`
dontaudit $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
files_search_pids($1)
- stream_connect_pattern($1,nscd_var_run_t,nscd_var_run_t,nscd_t)
+ stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
dontaudit $1 nscd_var_run_t:file { getattr read };
')
@@ -152,7 +152,7 @@ interface(`nscd_read_pid',`
')
files_search_pids($1)
- read_files_pattern($1,nscd_var_run_t,nscd_var_run_t)
+ read_files_pattern($1, nscd_var_run_t, nscd_var_run_t)
')
########################################
diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te
index 42b2b4d..5e4eb69 100644
--- a/policy/modules/services/nscd.te
+++ b/policy/modules/services/nscd.te
@@ -18,7 +18,7 @@ files_pid_file(nscd_var_run_t)
# nscd is both the client program and the daemon.
type nscd_t;
type nscd_exec_t;
-init_daemon_domain(nscd_t,nscd_exec_t)
+init_daemon_domain(nscd_t, nscd_exec_t)
type nscd_log_t;
logging_log_file(nscd_log_t)
@@ -44,11 +44,11 @@ allow nscd_t self:udp_socket create_socket_perms;
allow nscd_t self:nscd { admin getstat };
allow nscd_t nscd_log_t:file manage_file_perms;
-logging_log_filetrans(nscd_t,nscd_log_t,file)
+logging_log_filetrans(nscd_t, nscd_log_t, file)
-manage_files_pattern(nscd_t,nscd_var_run_t,nscd_var_run_t)
-manage_sock_files_pattern(nscd_t,nscd_var_run_t,nscd_var_run_t)
-files_pid_filetrans(nscd_t,nscd_var_run_t,{ file sock_file })
+manage_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
+manage_sock_files_pattern(nscd_t, nscd_var_run_t, nscd_var_run_t)
+files_pid_filetrans(nscd_t, nscd_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(nscd_t)
kernel_list_proc(nscd_t)
diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te
index a5870d9..22611c0 100644
--- a/policy/modules/services/nsd.te
+++ b/policy/modules/services/nsd.te
@@ -8,7 +8,7 @@ policy_module(nsd, 1.5.0)
type nsd_t;
type nsd_exec_t;
-init_daemon_domain(nsd_t,nsd_exec_t)
+init_daemon_domain(nsd_t, nsd_exec_t)
# A type for configuration files of nsd
type nsd_conf_t;
@@ -16,7 +16,7 @@ files_type(nsd_conf_t)
type nsd_crond_t;
domain_type(nsd_crond_t)
-domain_entry_file(nsd_crond_t,nsd_exec_t)
+domain_entry_file(nsd_crond_t, nsd_exec_t)
role system_r types nsd_crond_t;
# a type for nsd.db
@@ -42,20 +42,20 @@ allow nsd_t self:tcp_socket create_stream_socket_perms;
allow nsd_t self:udp_socket create_socket_perms;
allow nsd_t nsd_conf_t:dir list_dir_perms;
-read_files_pattern(nsd_t,nsd_conf_t,nsd_conf_t)
-read_lnk_files_pattern(nsd_t,nsd_conf_t,nsd_conf_t)
+read_files_pattern(nsd_t, nsd_conf_t, nsd_conf_t)
+read_lnk_files_pattern(nsd_t, nsd_conf_t, nsd_conf_t)
allow nsd_t nsd_db_t:file manage_file_perms;
-filetrans_pattern(nsd_t,nsd_zone_t,nsd_db_t,file)
+filetrans_pattern(nsd_t, nsd_zone_t, nsd_db_t, file)
-manage_files_pattern(nsd_t,nsd_var_run_t,nsd_var_run_t)
-files_pid_filetrans(nsd_t,nsd_var_run_t,file)
+manage_files_pattern(nsd_t, nsd_var_run_t, nsd_var_run_t)
+files_pid_filetrans(nsd_t, nsd_var_run_t, file)
allow nsd_t nsd_zone_t:dir list_dir_perms;
-read_files_pattern(nsd_t,nsd_zone_t,nsd_zone_t)
-read_lnk_files_pattern(nsd_t,nsd_zone_t,nsd_zone_t)
+read_files_pattern(nsd_t, nsd_zone_t, nsd_zone_t)
+read_lnk_files_pattern(nsd_t, nsd_zone_t, nsd_zone_t)
-can_exec(nsd_t,nsd_exec_t)
+can_exec(nsd_t, nsd_exec_t)
kernel_read_system_state(nsd_t)
kernel_read_kernel_sysctls(nsd_t)
@@ -127,17 +127,17 @@ allow nsd_crond_t self:udp_socket create_socket_perms;
allow nsd_crond_t nsd_conf_t:file { getattr read ioctl };
allow nsd_crond_t nsd_db_t:file manage_file_perms;
-filetrans_pattern(nsd_crond_t,nsd_zone_t,nsd_db_t,file)
+filetrans_pattern(nsd_crond_t, nsd_zone_t, nsd_db_t, file)
files_search_var_lib(nsd_crond_t)
allow nsd_crond_t nsd_t:process signal;
-ps_process_pattern(nsd_crond_t,nsd_t)
+ps_process_pattern(nsd_crond_t, nsd_t)
-manage_files_pattern(nsd_crond_t,nsd_zone_t,nsd_zone_t)
-filetrans_pattern(nsd_crond_t,nsd_conf_t,nsd_zone_t,file)
+manage_files_pattern(nsd_crond_t, nsd_zone_t, nsd_zone_t)
+filetrans_pattern(nsd_crond_t, nsd_conf_t, nsd_zone_t, file)
-can_exec(nsd_crond_t,nsd_exec_t)
+can_exec(nsd_crond_t, nsd_exec_t)
kernel_read_system_state(nsd_crond_t)
@@ -176,7 +176,7 @@ sysnet_read_config(nsd_crond_t)
sysadm_dontaudit_search_home_dirs(nsd_crond_t)
optional_policy(`
- cron_system_entry(nsd_crond_t,nsd_exec_t)
+ cron_system_entry(nsd_crond_t, nsd_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te
index 25535d7..54a2c5f 100644
--- a/policy/modules/services/ntop.te
+++ b/policy/modules/services/ntop.te
@@ -8,8 +8,8 @@ policy_module(ntop, 1.6.0)
type ntop_t;
type ntop_exec_t;
-init_daemon_domain(ntop_t,ntop_exec_t)
-application_domain(ntop_t,ntop_exec_t)
+init_daemon_domain(ntop_t, ntop_exec_t)
+application_domain(ntop_t, ntop_exec_t)
type ntop_etc_t;
files_config_file(ntop_etc_t)
@@ -40,22 +40,22 @@ allow ntop_t self:udp_socket create_socket_perms;
allow ntop_t self:packet_socket create_socket_perms;
allow ntop_t ntop_etc_t:dir list_dir_perms;
-read_files_pattern(ntop_t,ntop_etc_t,ntop_etc_t)
-read_lnk_files_pattern(ntop_t,ntop_etc_t,ntop_etc_t)
+read_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
+read_lnk_files_pattern(ntop_t, ntop_etc_t, ntop_etc_t)
allow ntop_t ntop_http_content_t:dir list_dir_perms;
-read_files_pattern(ntop_t,ntop_http_content_t,ntop_http_content_t)
+read_files_pattern(ntop_t, ntop_http_content_t, ntop_http_content_t)
-manage_dirs_pattern(ntop_t,ntop_tmp_t,ntop_tmp_t)
-manage_files_pattern(ntop_t,ntop_tmp_t,ntop_tmp_t)
+manage_dirs_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
+manage_files_pattern(ntop_t, ntop_tmp_t, ntop_tmp_t)
files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
-create_dirs_pattern(ntop_t,ntop_var_lib_t,ntop_var_lib_t)
-manage_files_pattern(ntop_t,ntop_var_lib_t,ntop_var_lib_t)
-files_var_lib_filetrans(ntop_t,ntop_var_lib_t,file)
+create_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
+manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
+files_var_lib_filetrans(ntop_t, ntop_var_lib_t, file)
-manage_files_pattern(ntop_t,ntop_var_run_t,ntop_var_run_t)
-files_pid_filetrans(ntop_t,ntop_var_run_t,file)
+manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
+files_pid_filetrans(ntop_t, ntop_var_run_t, file)
kernel_read_network_state(ntop_t)
kernel_read_kernel_sysctls(ntop_t)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index 9605874..06bf2ea 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -32,7 +32,7 @@ interface(`ntp_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,ntpd_exec_t,ntpd_t)
+ domtrans_pattern($1, ntpd_exec_t, ntpd_t)
')
########################################
@@ -51,5 +51,5 @@ interface(`ntp_domtrans_ntpdate',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,ntpdate_exec_t,ntpd_t)
+ domtrans_pattern($1, ntpdate_exec_t, ntpd_t)
')
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index 15b4b95..f10ed7d 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -11,7 +11,7 @@ files_type(ntp_drift_t)
type ntpd_t;
type ntpd_exec_t;
-init_daemon_domain(ntpd_t,ntpd_exec_t)
+init_daemon_domain(ntpd_t, ntpd_exec_t)
type ntpd_log_t;
logging_log_file(ntpd_log_t)
@@ -23,7 +23,7 @@ type ntpd_var_run_t;
files_pid_file(ntpd_var_run_t)
type ntpdate_exec_t;
-init_system_domain(ntpd_t,ntpdate_exec_t)
+init_system_domain(ntpd_t, ntpdate_exec_t)
########################################
#
@@ -41,7 +41,7 @@ allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:tcp_socket create_stream_socket_perms;
allow ntpd_t self:udp_socket create_socket_perms;
-manage_files_pattern(ntpd_t,ntp_drift_t,ntp_drift_t)
+manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
can_exec(ntpd_t,ntpd_exec_t)
@@ -50,12 +50,12 @@ manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
logging_log_filetrans(ntpd_t,ntpd_log_t,{ file dir })
# for some reason it creates a file in /tmp
-manage_dirs_pattern(ntpd_t,ntpd_tmp_t,ntpd_tmp_t)
-manage_files_pattern(ntpd_t,ntpd_tmp_t,ntpd_tmp_t)
+manage_dirs_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
+manage_files_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
files_tmp_filetrans(ntpd_t, ntpd_tmp_t, { file dir })
-manage_files_pattern(ntpd_t,ntpd_var_run_t,ntpd_var_run_t)
-files_pid_filetrans(ntpd_t,ntpd_var_run_t,file)
+manage_files_pattern(ntpd_t, ntpd_var_run_t, ntpd_var_run_t)
+files_pid_filetrans(ntpd_t, ntpd_var_run_t, file)
kernel_read_kernel_sysctls(ntpd_t)
kernel_read_system_state(ntpd_t)
@@ -111,7 +111,7 @@ sysadm_list_home_dirs(ntpd_t)
optional_policy(`
# for cron jobs
- cron_system_entry(ntpd_t,ntpdate_exec_t)
+ cron_system_entry(ntpd_t, ntpdate_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/nx.if b/policy/modules/services/nx.if
index 0e345be..0ab8cbc 100644
--- a/policy/modules/services/nx.if
+++ b/policy/modules/services/nx.if
@@ -15,5 +15,5 @@ interface(`nx_spec_domtrans_server',`
type nx_server_t, nx_server_exec_t;
')
- spec_domtrans_pattern($1,nx_server_exec_t,nx_server_t)
+ spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
')
diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te
index 1830e61..eef573e 100644
--- a/policy/modules/services/nx.te
+++ b/policy/modules/services/nx.te
@@ -1,5 +1,5 @@
-policy_module(nx,1.3.0)
+policy_module(nx, 1.3.0)
########################################
#
@@ -9,7 +9,7 @@ policy_module(nx,1.3.0)
type nx_server_t;
type nx_server_exec_t;
domain_type(nx_server_t)
-domain_entry_file(nx_server_t,nx_server_exec_t)
+domain_entry_file(nx_server_t, nx_server_exec_t)
domain_user_exemption_target(nx_server_t)
# we need an extra role because nxserver is called from sshd
# cjp: do we really need this?
@@ -17,7 +17,7 @@ role nx_server_r types nx_server_t;
allow system_r nx_server_r;
type nx_server_devpts_t;
-term_user_pty(nx_server_t,nx_server_devpts_t)
+term_user_pty(nx_server_t, nx_server_devpts_t)
type nx_server_tmp_t;
files_tmp_file(nx_server_tmp_t)
@@ -37,12 +37,12 @@ allow nx_server_t self:udp_socket create_socket_perms;
allow nx_server_t nx_server_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(nx_server_t,nx_server_devpts_t)
-manage_dirs_pattern(nx_server_t,nx_server_tmp_t,nx_server_tmp_t)
-manage_files_pattern(nx_server_t,nx_server_tmp_t,nx_server_tmp_t)
+manage_dirs_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
+manage_files_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
files_tmp_filetrans(nx_server_t, nx_server_tmp_t, { file dir })
-manage_files_pattern(nx_server_t,nx_server_var_run_t,nx_server_var_run_t)
-files_pid_filetrans(nx_server_t,nx_server_var_run_t,file)
+manage_files_pattern(nx_server_t, nx_server_var_run_t, nx_server_var_run_t)
+files_pid_filetrans(nx_server_t, nx_server_var_run_t, file)
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
@@ -91,4 +91,4 @@ allow nx_server_t user_tmpfile:file getattr;
# SSH component local policy
#
-ssh_basic_client_template(nx_server,nx_server_t,nx_server_r)
+ssh_basic_client_template(nx_server, nx_server_t, nx_server_r)
diff --git a/policy/modules/services/oav.if b/policy/modules/services/oav.if
index cf56dfb..0d6b501 100644
--- a/policy/modules/services/oav.if
+++ b/policy/modules/services/oav.if
@@ -16,7 +16,7 @@ interface(`oav_domtrans_update',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,oav_update_exec_t,oav_update_t)
+ domtrans_pattern($1, oav_update_exec_t, oav_update_t)
')
########################################
diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te
index 69bfb1d..2c93c85 100644
--- a/policy/modules/services/oav.te
+++ b/policy/modules/services/oav.te
@@ -8,7 +8,7 @@ policy_module(oav, 1.6.0)
type oav_update_t;
type oav_update_exec_t;
-application_domain(oav_update_t,oav_update_exec_t)
+application_domain(oav_update_t, oav_update_exec_t)
# cjp: may be collapsable to etc_t
type oav_update_etc_t;
@@ -19,7 +19,7 @@ files_type(oav_update_var_lib_t)
type scannerdaemon_t;
type scannerdaemon_exec_t;
-init_daemon_domain(scannerdaemon_t,scannerdaemon_exec_t)
+init_daemon_domain(scannerdaemon_t, scannerdaemon_exec_t)
type scannerdaemon_etc_t;
files_type(scannerdaemon_etc_t)
@@ -43,9 +43,9 @@ allow oav_update_t oav_update_etc_t:dir list_dir_perms;
allow oav_update_t oav_update_etc_t:file read_file_perms;
# Can read /var/lib/oav-update/current
-manage_dirs_pattern(oav_update_t,oav_update_var_lib_t,oav_update_var_lib_t)
-manage_files_pattern(oav_update_t,oav_update_var_lib_t,oav_update_var_lib_t)
-read_lnk_files_pattern(oav_update_t,oav_update_var_lib_t,oav_update_var_lib_t)
+manage_dirs_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
+manage_files_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
+read_lnk_files_pattern(oav_update_t, oav_update_var_lib_t, oav_update_var_lib_t)
corecmd_exec_all_executables(oav_update_t)
@@ -72,7 +72,7 @@ logging_send_syslog_msg(oav_update_t)
sysnet_read_config(oav_update_t)
optional_policy(`
- cron_system_entry(oav_update_t,oav_update_exec_t)
+ cron_system_entry(oav_update_t, oav_update_exec_t)
')
########################################
@@ -93,10 +93,10 @@ files_search_var_lib(scannerdaemon_t)
allow scannerdaemon_t scannerdaemon_etc_t:file read_file_perms;
allow scannerdaemon_t scannerdaemon_log_t:file manage_file_perms;
-logging_log_filetrans(scannerdaemon_t,scannerdaemon_log_t,file)
+logging_log_filetrans(scannerdaemon_t, scannerdaemon_log_t, file)
-manage_files_pattern(scannerdaemon_t,scannerdaemon_var_run_t,scannerdaemon_var_run_t)
-files_pid_filetrans(scannerdaemon_t,scannerdaemon_var_run_t,file)
+manage_files_pattern(scannerdaemon_t, scannerdaemon_var_run_t, scannerdaemon_var_run_t)
+files_pid_filetrans(scannerdaemon_t, scannerdaemon_var_run_t, file)
kernel_read_system_state(scannerdaemon_t)
kernel_read_kernel_sysctls(scannerdaemon_t)
diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if
index 3338e8f..9bac058 100644
--- a/policy/modules/services/oddjob.if
+++ b/policy/modules/services/oddjob.if
@@ -19,7 +19,7 @@ interface(`oddjob_domtrans',`
type oddjob_t, oddjob_exec_t;
')
- domtrans_pattern($1,oddjob_exec_t,oddjob_t)
+ domtrans_pattern($1, oddjob_exec_t, oddjob_t)
')
########################################
@@ -82,5 +82,5 @@ interface(`oddjob_domtrans_mkhomedir',`
type oddjob_mkhomedir_t, oddjob_mkhomedir_exec_t;
')
- domtrans_pattern($1,oddjob_mkhomedir_exec_t,oddjob_mkhomedir_t)
+ domtrans_pattern($1, oddjob_mkhomedir_exec_t, oddjob_mkhomedir_t)
')
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 6fffb44..0a38d3a 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -32,9 +32,9 @@ allow oddjob_t self:process { setexec signal };
allow oddjob_t self:fifo_file { read write };
allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
-manage_files_pattern(oddjob_t,oddjob_var_run_t,oddjob_var_run_t)
-manage_sock_files_pattern(oddjob_t,oddjob_var_run_t,oddjob_var_run_t)
-files_pid_filetrans(oddjob_t,oddjob_var_run_t, { file sock_file })
+manage_files_pattern(oddjob_t, oddjob_var_run_t, oddjob_var_run_t)
+manage_sock_files_pattern(oddjob_t, oddjob_var_run_t, oddjob_var_run_t)
+files_pid_filetrans(oddjob_t, oddjob_var_run_t, { file sock_file })
kernel_read_system_state(oddjob_t)
@@ -55,7 +55,7 @@ miscfiles_read_localization(oddjob_t)
locallogin_dontaudit_use_fds(oddjob_t)
optional_policy(`
- dbus_system_bus_client_template(oddjob,oddjob_t)
+ dbus_system_bus_client_template(oddjob, oddjob_t)
dbus_connect_system_bus(oddjob_t)
')
@@ -85,5 +85,5 @@ unprivuser_home_filetrans_home_dir(oddjob_mkhomedir_t)
unprivuser_manage_home_content_dirs(oddjob_mkhomedir_t)
unprivuser_manage_home_content_files(oddjob_mkhomedir_t)
unprivuser_manage_home_dirs(oddjob_mkhomedir_t)
-unprivuser_home_dir_filetrans_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
+unprivuser_home_dir_filetrans_home_content(oddjob_mkhomedir_t, notdevfile_class_set)
diff --git a/policy/modules/services/openca.te b/policy/modules/services/openca.te
index 53cde88..a097200 100644
--- a/policy/modules/services/openca.te
+++ b/policy/modules/services/openca.te
@@ -1,5 +1,5 @@
-policy_module(openca,1.1.0)
+policy_module(openca, 1.1.0)
########################################
#
@@ -9,7 +9,7 @@ policy_module(openca,1.1.0)
type openca_ca_t;
type openca_ca_exec_t;
domain_type(openca_ca_t)
-domain_entry_file(openca_ca_t,openca_ca_exec_t)
+domain_entry_file(openca_ca_t, openca_ca_exec_t)
role system_r types openca_ca_t;
# cjp: seems like some of these types
@@ -50,20 +50,20 @@ allow openca_ca_t openca_etc_t:file read_file_perms;
allow openca_ca_t openca_etc_t:dir list_dir_perms;
# Allow access to writeable files under /etc/openca
-manage_dirs_pattern(openca_ca_t,openca_etc_writeable_t,openca_etc_writeable_t)
-manage_files_pattern(openca_ca_t,openca_etc_writeable_t,openca_etc_writeable_t)
+manage_dirs_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)
+manage_files_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)
# Allow access to other /var/lib/openca files
-manage_dirs_pattern(openca_ca_t,openca_var_lib_t,openca_var_lib_t)
-manage_files_pattern(openca_ca_t,openca_var_lib_t,openca_var_lib_t)
+manage_dirs_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)
+manage_files_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)
# Allow access to private CA key
-manage_dirs_pattern(openca_ca_t,openca_var_lib_keys_t,openca_var_lib_keys_t)
-manage_files_pattern(openca_ca_t,openca_var_lib_keys_t,openca_var_lib_keys_t)
+manage_dirs_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)
+manage_files_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)
# Allow access to other /usr/share/openca files
-read_files_pattern(openca_ca_t,openca_usr_share_t,openca_usr_share_t)
-read_lnk_files_pattern(openca_ca_t,openca_usr_share_t,openca_usr_share_t)
+read_files_pattern(openca_ca_t, openca_usr_share_t, openca_usr_share_t)
+read_lnk_files_pattern(openca_ca_t, openca_usr_share_t, openca_usr_share_t)
allow openca_ca_t openca_usr_share_t:dir list_dir_perms;
# the perl executable will be able to run a perl script
diff --git a/policy/modules/services/openct.if b/policy/modules/services/openct.if
index b947cfd..9d0a67b 100644
--- a/policy/modules/services/openct.if
+++ b/policy/modules/services/openct.if
@@ -34,7 +34,7 @@ interface(`openct_exec',`
')
corecmd_search_bin($1)
- can_exec($1,openct_exec_t)
+ can_exec($1, openct_exec_t)
')
########################################
@@ -53,7 +53,7 @@ interface(`openct_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,openct_exec_t,openct_t)
+ domtrans_pattern($1, openct_exec_t, openct_t)
')
########################################
@@ -72,7 +72,7 @@ interface(`openct_read_pid_files',`
')
files_search_pids($1)
- read_files_pattern($1,openct_var_run_t,openct_var_run_t)
+ read_files_pattern($1, openct_var_run_t, openct_var_run_t)
')
########################################
@@ -91,5 +91,5 @@ interface(`openct_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,openct_var_run_t,openct_var_run_t,openct_t)
+ stream_connect_pattern($1, openct_var_run_t, openct_var_run_t, openct_t)
')
diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te
index 7f72de0..4a48f86 100644
--- a/policy/modules/services/openct.te
+++ b/policy/modules/services/openct.te
@@ -8,7 +8,7 @@ policy_module(openct, 1.3.0)
type openct_t;
type openct_exec_t;
-init_daemon_domain(openct_t,openct_exec_t)
+init_daemon_domain(openct_t, openct_exec_t)
type openct_var_run_t;
files_pid_file(openct_var_run_t)
@@ -21,9 +21,9 @@ files_pid_file(openct_var_run_t)
dontaudit openct_t self:capability sys_tty_config;
allow openct_t self:process signal_perms;
-manage_files_pattern(openct_t,openct_var_run_t,openct_var_run_t)
-manage_sock_files_pattern(openct_t,openct_var_run_t,openct_var_run_t)
-files_pid_filetrans(openct_t,openct_var_run_t,{ file sock_file })
+manage_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
+manage_sock_files_pattern(openct_t, openct_var_run_t, openct_var_run_t)
+files_pid_filetrans(openct_t, openct_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(openct_t)
kernel_list_proc(openct_t)
diff --git a/policy/modules/services/openvpn.if b/policy/modules/services/openvpn.if
index f806906..54c09b8 100644
--- a/policy/modules/services/openvpn.if
+++ b/policy/modules/services/openvpn.if
@@ -87,6 +87,6 @@ interface(`openvpn_read_config',`
files_search_etc($1)
allow $1 openvpn_etc_t:dir list_dir_perms;
- read_files_pattern($1,openvpn_etc_t,openvpn_etc_t)
- read_lnk_files_pattern($1,openvpn_etc_t,openvpn_etc_t)
+ read_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
+ read_lnk_files_pattern($1, openvpn_etc_t, openvpn_etc_t)
')
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 0c69ce5..8306732 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
-policy_module(openvpn,1.5.0)
+policy_module(openvpn, 1.5.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(openvpn,1.5.0)
## Allow openvpn to read home directories
##
##
-gen_tunable(openvpn_enable_homedirs,false)
+gen_tunable(openvpn_enable_homedirs, false)
# main openvpn domain
type openvpn_t;
@@ -45,11 +45,11 @@ allow openvpn_t self:tcp_socket server_stream_socket_perms;
allow openvpn_t self:netlink_route_socket rw_netlink_socket_perms;
allow openvpn_t openvpn_etc_t:dir list_dir_perms;
-read_files_pattern(openvpn_t,openvpn_etc_t,openvpn_etc_t)
-read_lnk_files_pattern(openvpn_t,openvpn_etc_t,openvpn_etc_t)
+read_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
+read_lnk_files_pattern(openvpn_t, openvpn_etc_t, openvpn_etc_t)
allow openvpn_t openvpn_var_log_t:file manage_file_perms;
-logging_log_filetrans(openvpn_t,openvpn_var_log_t,file)
+logging_log_filetrans(openvpn_t, openvpn_var_log_t, file)
manage_files_pattern(openvpn_t, openvpn_var_run_t, openvpn_var_run_t)
files_pid_filetrans(openvpn_t, openvpn_var_run_t, { file dir })
@@ -101,11 +101,11 @@ tunable_policy(`openvpn_enable_homedirs',`
')
optional_policy(`
- daemontools_service_domain(openvpn_t,openvpn_exec_t)
+ daemontools_service_domain(openvpn_t, openvpn_exec_t)
')
optional_policy(`
- dbus_system_bus_client_template(openvpn,openvpn_t)
+ dbus_system_bus_client_template(openvpn, openvpn_t)
dbus_connect_system_bus(openvpn_t)
networkmanager_dbus_chat(openvpn_t)
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 5c77c32..7622d76 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -15,7 +15,7 @@ interface(`pcscd_domtrans',`
type pcscd_t, pcscd_exec_t;
')
- domtrans_pattern($1,pcscd_exec_t,pcscd_t)
+ domtrans_pattern($1, pcscd_exec_t, pcscd_t)
')
########################################
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 1f382e1..a90f603 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
-policy_module(pcscd,1.4.0)
+policy_module(pcscd, 1.4.0)
########################################
#
@@ -27,9 +27,9 @@ allow pcscd_t self:unix_stream_socket create_stream_socket_perms;
allow pcscd_t self:unix_dgram_socket create_socket_perms;
allow pcscd_t self:tcp_socket create_stream_socket_perms;
-manage_files_pattern(pcscd_t,pcscd_var_run_t,pcscd_var_run_t)
-manage_sock_files_pattern(pcscd_t,pcscd_var_run_t,pcscd_var_run_t)
-files_pid_filetrans(pcscd_t,pcscd_var_run_t, { file sock_file })
+manage_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
+manage_sock_files_pattern(pcscd_t, pcscd_var_run_t, pcscd_var_run_t)
+files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file })
corenet_all_recvfrom_unlabeled(pcscd_t)
corenet_all_recvfrom_netlabel(pcscd_t)
diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te
index 321e73c..c4223eb 100644
--- a/policy/modules/services/pegasus.te
+++ b/policy/modules/services/pegasus.te
@@ -8,7 +8,7 @@ policy_module(pegasus, 1.6.0)
type pegasus_t;
type pegasus_exec_t;
-init_daemon_domain(pegasus_t,pegasus_exec_t)
+init_daemon_domain(pegasus_t, pegasus_exec_t)
type pegasus_data_t;
files_type(pegasus_data_t)
@@ -42,24 +42,24 @@ allow pegasus_t pegasus_conf_t:dir rw_dir_perms;
allow pegasus_t pegasus_conf_t:file { read_file_perms link unlink };
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
-manage_dirs_pattern(pegasus_t,pegasus_data_t,pegasus_data_t)
-manage_files_pattern(pegasus_t,pegasus_data_t,pegasus_data_t)
-manage_lnk_files_pattern(pegasus_t,pegasus_data_t,pegasus_data_t)
-filetrans_pattern(pegasus_t,pegasus_conf_t,pegasus_data_t,{ file dir })
+manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
+manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
+manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
+filetrans_pattern(pegasus_t, pegasus_conf_t, pegasus_data_t, { file dir })
-can_exec(pegasus_t,pegasus_exec_t)
+can_exec(pegasus_t, pegasus_exec_t)
allow pegasus_t pegasus_mof_t:dir list_dir_perms;
-read_files_pattern(pegasus_t,pegasus_mof_t,pegasus_mof_t)
-read_lnk_files_pattern(pegasus_t,pegasus_mof_t,pegasus_mof_t)
+read_files_pattern(pegasus_t, pegasus_mof_t, pegasus_mof_t)
+read_lnk_files_pattern(pegasus_t, pegasus_mof_t, pegasus_mof_t)
-manage_dirs_pattern(pegasus_t,pegasus_tmp_t,pegasus_tmp_t)
-manage_files_pattern(pegasus_t,pegasus_tmp_t,pegasus_tmp_t)
+manage_dirs_pattern(pegasus_t, pegasus_tmp_t, pegasus_tmp_t)
+manage_files_pattern(pegasus_t, pegasus_tmp_t, pegasus_tmp_t)
files_tmp_filetrans(pegasus_t, pegasus_tmp_t, { file dir })
allow pegasus_t pegasus_var_run_t:sock_file { create setattr unlink };
-manage_files_pattern(pegasus_t,pegasus_var_run_t,pegasus_var_run_t)
-files_pid_filetrans(pegasus_t,pegasus_var_run_t,file)
+manage_files_pattern(pegasus_t, pegasus_var_run_t, pegasus_var_run_t)
+files_pid_filetrans(pegasus_t, pegasus_var_run_t, file)
kernel_read_kernel_sysctls(pegasus_t)
kernel_read_fs_sysctls(pegasus_t)
diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te
index d75f1f9..b221e6b 100644
--- a/policy/modules/services/perdition.te
+++ b/policy/modules/services/perdition.te
@@ -8,7 +8,7 @@ policy_module(perdition, 1.5.0)
type perdition_t;
type perdition_exec_t;
-init_daemon_domain(perdition_t,perdition_exec_t)
+init_daemon_domain(perdition_t, perdition_exec_t)
type perdition_etc_t;
files_config_file(perdition_etc_t)
@@ -30,8 +30,8 @@ allow perdition_t self:udp_socket create_socket_perms;
allow perdition_t perdition_etc_t:file { getattr read };
files_search_etc(perdition_t)
-manage_files_pattern(perdition_t,perdition_var_run_t,perdition_var_run_t)
-files_pid_filetrans(perdition_t,perdition_var_run_t,file)
+manage_files_pattern(perdition_t, perdition_var_run_t, perdition_var_run_t)
+files_pid_filetrans(perdition_t, perdition_var_run_t, file)
kernel_read_kernel_sysctls(perdition_t)
kernel_list_proc(perdition_t)
diff --git a/policy/modules/services/portmap.if b/policy/modules/services/portmap.if
index bcc66e9..4fa2123 100644
--- a/policy/modules/services/portmap.if
+++ b/policy/modules/services/portmap.if
@@ -16,7 +16,7 @@ interface(`portmap_domtrans_helper',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,portmap_helper_exec_t,portmap_helper_t)
+ domtrans_pattern($1, portmap_helper_exec_t, portmap_helper_t)
')
########################################
diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te
index 55aaa1f..61b8fd1 100644
--- a/policy/modules/services/portmap.te
+++ b/policy/modules/services/portmap.te
@@ -8,11 +8,11 @@ policy_module(portmap, 1.7.0)
type portmap_t;
type portmap_exec_t;
-init_daemon_domain(portmap_t,portmap_exec_t)
+init_daemon_domain(portmap_t, portmap_exec_t)
type portmap_helper_t;
type portmap_helper_exec_t;
-init_system_domain(portmap_helper_t,portmap_helper_exec_t)
+init_system_domain(portmap_helper_t, portmap_helper_exec_t)
role system_r types portmap_helper_t;
type portmap_tmp_t;
@@ -34,12 +34,12 @@ allow portmap_t self:unix_stream_socket create_stream_socket_perms;
allow portmap_t self:tcp_socket create_stream_socket_perms;
allow portmap_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(portmap_t,portmap_tmp_t,portmap_tmp_t)
-manage_files_pattern(portmap_t,portmap_tmp_t,portmap_tmp_t)
+manage_dirs_pattern(portmap_t, portmap_tmp_t, portmap_tmp_t)
+manage_files_pattern(portmap_t, portmap_tmp_t, portmap_tmp_t)
files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir })
-manage_files_pattern(portmap_t,portmap_var_run_t,portmap_var_run_t)
-files_pid_filetrans(portmap_t,portmap_var_run_t,file)
+manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
+files_pid_filetrans(portmap_t, portmap_var_run_t, file)
kernel_read_kernel_sysctls(portmap_t)
kernel_list_proc(portmap_t)
@@ -117,7 +117,7 @@ allow portmap_helper_t self:tcp_socket create_stream_socket_perms;
allow portmap_helper_t self:udp_socket create_socket_perms;
allow portmap_helper_t portmap_var_run_t:file manage_file_perms;
-files_pid_filetrans(portmap_helper_t,portmap_var_run_t,file)
+files_pid_filetrans(portmap_helper_t, portmap_var_run_t, file)
corenet_all_recvfrom_unlabeled(portmap_helper_t)
corenet_all_recvfrom_netlabel(portmap_helper_t)
diff --git a/policy/modules/services/portslave.if b/policy/modules/services/portslave.if
index a55ca53..b53ff77 100644
--- a/policy/modules/services/portslave.if
+++ b/policy/modules/services/portslave.if
@@ -15,5 +15,5 @@ interface(`portslave_domtrans',`
type portslave_t, portslave_exec_t;
')
- domtrans_pattern($1,portslave_exec_t,portslave_t)
+ domtrans_pattern($1, portslave_exec_t, portslave_t)
')
diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te
index c2b47e3..8b6eb55 100644
--- a/policy/modules/services/portslave.te
+++ b/policy/modules/services/portslave.te
@@ -1,5 +1,5 @@
-policy_module(portslave,1.4.0)
+policy_module(portslave, 1.4.0)
########################################
#
@@ -8,8 +8,8 @@ policy_module(portslave,1.4.0)
type portslave_t;
type portslave_exec_t;
-init_domain(portslave_t,portslave_exec_t)
-init_daemon_domain(portslave_t,portslave_exec_t)
+init_domain(portslave_t, portslave_exec_t)
+init_daemon_domain(portslave_t, portslave_exec_t)
type portslave_etc_t;
files_type(portslave_etc_t)
@@ -43,11 +43,11 @@ allow portslave_t self:tcp_socket create_stream_socket_perms;
allow portslave_t self:udp_socket create_socket_perms;
allow portslave_t portslave_etc_t:dir list_dir_perms;
-read_files_pattern(portslave_t,portslave_etc_t,portslave_etc_t)
-read_lnk_files_pattern(portslave_t,portslave_etc_t,portslave_etc_t)
+read_files_pattern(portslave_t, portslave_etc_t, portslave_etc_t)
+read_lnk_files_pattern(portslave_t, portslave_etc_t, portslave_etc_t)
allow portslave_t portslave_lock_t:file manage_file_perms;
-files_lock_filetrans(portslave_t,portslave_lock_t,file)
+files_lock_filetrans(portslave_t, portslave_lock_t, file)
kernel_read_system_state(portslave_t)
kernel_read_kernel_sysctls(portslave_t)
@@ -113,7 +113,7 @@ ppp_pid_filetrans(portslave_t)
ssh_exec(portslave_t)
optional_policy(`
- inetd_tcp_service_domain(portslave_t,portslave_exec_t)
+ inetd_tcp_service_domain(portslave_t, portslave_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index 6bbb105..6b207df 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -31,7 +31,7 @@ template(`postfix_domain_template',`
type postfix_$1_t;
type postfix_$1_exec_t;
domain_type(postfix_$1_t)
- domain_entry_file(postfix_$1_t,postfix_$1_exec_t)
+ domain_entry_file(postfix_$1_t, postfix_$1_exec_t)
role system_r types postfix_$1_t;
dontaudit postfix_$1_t self:capability sys_tty_config;
@@ -45,7 +45,7 @@ template(`postfix_domain_template',`
allow postfix_$1_t postfix_master_t:file read;
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
- read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
+ read_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
can_exec(postfix_$1_t, postfix_$1_exec_t)
@@ -56,7 +56,7 @@ template(`postfix_domain_template',`
allow postfix_$1_t postfix_spool_t:dir list_dir_perms;
allow postfix_$1_t postfix_var_run_t:file manage_file_perms;
- files_pid_filetrans(postfix_$1_t,postfix_var_run_t,file)
+ files_pid_filetrans(postfix_$1_t, postfix_var_run_t, file)
kernel_read_system_state(postfix_$1_t)
kernel_read_network_state(postfix_$1_t)
@@ -244,7 +244,7 @@ interface(`postfix_config_filetrans',`
')
files_search_etc($1)
- filetrans_pattern($1,postfix_etc_t,$2,$3)
+ filetrans_pattern($1, postfix_etc_t, $2, $3)
')
########################################
@@ -282,7 +282,7 @@ interface(`postfix_read_local_state',`
type postfix_local_t;
')
- read_files_pattern($1,postfix_local_t,postfix_local_t)
+ read_files_pattern($1, postfix_local_t, postfix_local_t)
')
########################################
@@ -300,7 +300,7 @@ interface(`postfix_read_master_state',`
type postfix_master_t;
')
- read_files_pattern($1,postfix_master_t,postfix_master_t)
+ read_files_pattern($1, postfix_master_t, postfix_master_t)
')
########################################
@@ -338,7 +338,7 @@ interface(`postfix_domtrans_map',`
type postfix_map_t, postfix_map_exec_t;
')
- domtrans_pattern($1,postfix_map_exec_t,postfix_map_t)
+ domtrans_pattern($1, postfix_map_exec_t, postfix_map_t)
')
########################################
@@ -389,7 +389,7 @@ interface(`postfix_domtrans_master',`
type postfix_master_t, postfix_master_exec_t;
')
- domtrans_pattern($1,postfix_master_exec_t,postfix_master_t)
+ domtrans_pattern($1, postfix_master_exec_t, postfix_master_t)
')
########################################
@@ -427,7 +427,7 @@ interface(`postfix_create_pivate_sockets',`
')
allow $1 postfix_private_t:dir list_dir_perms;
- create_sock_files_pattern($1,postfix_private_t,postfix_private_t)
+ create_sock_files_pattern($1, postfix_private_t, postfix_private_t)
')
########################################
@@ -446,7 +446,7 @@ interface(`postfix_domtrans_smtp',`
type postfix_smtp_t, postfix_smtp_exec_t;
')
- domtrans_pattern($1,postfix_smtp_exec_t,postfix_smtp_t)
+ domtrans_pattern($1, postfix_smtp_exec_t, postfix_smtp_t)
')
########################################
@@ -503,7 +503,7 @@ interface(`postfix_read_spool_files',`
')
files_search_spool($1)
- read_files_pattern($1,postfix_spool_t, postfix_spool_t)
+ read_files_pattern($1, postfix_spool_t, postfix_spool_t)
')
########################################
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 1836225..8c11bf2 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -33,7 +33,7 @@ files_tmp_file(postfix_local_tmp_t)
# Program for creating database files
type postfix_map_t;
type postfix_map_exec_t;
-application_domain(postfix_map_t,postfix_map_exec_t)
+application_domain(postfix_map_t, postfix_map_exec_t)
type postfix_map_tmp_t;
files_tmp_file(postfix_map_tmp_t)
@@ -42,7 +42,7 @@ postfix_domain_template(master)
typealias postfix_master_t alias postfix_t;
# alias is a hack to make the disable trans bool
# generation macro work
-mta_mailserver(postfix_t,postfix_master_exec_t)
+mta_mailserver(postfix_t, postfix_master_exec_t)
postfix_server_domain_template(pickup)
@@ -117,31 +117,31 @@ allow postfix_master_t postfix_postdrop_exec_t:file getattr;
allow postfix_master_t postfix_postqueue_exec_t:file getattr;
-manage_fifo_files_pattern(postfix_master_t,postfix_private_t,postfix_private_t)
-manage_sock_files_pattern(postfix_master_t,postfix_private_t,postfix_private_t)
+manage_fifo_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
+manage_sock_files_pattern(postfix_master_t, postfix_private_t, postfix_private_t)
domtrans_pattern(postfix_master_t, postfix_postqueue_exec_t, postfix_postqueue_t)
allow postfix_master_t postfix_prng_t:file rw_file_perms;
-manage_fifo_files_pattern(postfix_master_t,postfix_public_t,postfix_public_t)
-manage_sock_files_pattern(postfix_master_t,postfix_public_t,postfix_public_t)
+manage_fifo_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
+manage_sock_files_pattern(postfix_master_t, postfix_public_t, postfix_public_t)
domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
# allow access to deferred queue and allow removing bogus incoming entries
-manage_dirs_pattern(postfix_master_t,postfix_spool_t,postfix_spool_t)
-manage_files_pattern(postfix_master_t,postfix_spool_t,postfix_spool_t)
+manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
+manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
allow postfix_master_t postfix_spool_bounce_t:file getattr;
-manage_dirs_pattern(postfix_master_t,postfix_spool_flush_t,postfix_spool_flush_t)
-manage_files_pattern(postfix_master_t,postfix_spool_flush_t,postfix_spool_flush_t)
-manage_lnk_files_pattern(postfix_master_t,postfix_spool_flush_t,postfix_spool_flush_t)
+manage_dirs_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
+manage_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
+manage_lnk_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_flush_t)
-delete_files_pattern(postfix_master_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t)
-rename_files_pattern(postfix_master_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t)
+delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
kernel_read_all_sysctls(postfix_master_t)
@@ -210,7 +210,7 @@ ifdef(`distro_redhat',`
allow postfix_master_t etc_aliases_t:file manage_file_perms;
allow postfix_master_t etc_aliases_t:lnk_file manage_lnk_file_perms;
mta_etc_filetrans_aliases(postfix_master_t)
- filetrans_pattern(postfix_master_t,postfix_etc_t,etc_aliases_t,{ dir file lnk_file })
+ filetrans_pattern(postfix_master_t, postfix_etc_t, etc_aliases_t, { dir file lnk_file })
')
# end partially converted rules
@@ -226,13 +226,13 @@ allow postfix_bounce_t self:tcp_socket create_socket_perms;
allow postfix_bounce_t postfix_public_t:sock_file write;
allow postfix_bounce_t postfix_public_t:dir search;
-manage_dirs_pattern(postfix_bounce_t,postfix_spool_t,postfix_spool_t)
-manage_files_pattern(postfix_bounce_t,postfix_spool_t,postfix_spool_t)
-manage_lnk_files_pattern(postfix_bounce_t,postfix_spool_t,postfix_spool_t)
+manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
+manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
+manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
-manage_dirs_pattern(postfix_bounce_t,postfix_spool_bounce_t,postfix_spool_bounce_t)
-manage_files_pattern(postfix_bounce_t,postfix_spool_bounce_t,postfix_spool_bounce_t)
-manage_lnk_files_pattern(postfix_bounce_t,postfix_spool_bounce_t,postfix_spool_bounce_t)
+manage_dirs_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
+manage_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
+manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
########################################
#
@@ -242,14 +242,14 @@ manage_lnk_files_pattern(postfix_bounce_t,postfix_spool_bounce_t,postfix_spool_b
allow postfix_cleanup_t self:process setrlimit;
# connect to master process
-stream_connect_pattern(postfix_cleanup_t,postfix_private_t,postfix_private_t,postfix_master_t)
+stream_connect_pattern(postfix_cleanup_t, postfix_private_t, postfix_private_t, postfix_master_t)
-rw_fifo_files_pattern(postfix_cleanup_t,postfix_public_t,postfix_public_t)
-write_sock_files_pattern(postfix_cleanup_t,postfix_public_t,postfix_public_t)
+rw_fifo_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
+write_sock_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
-manage_dirs_pattern(postfix_cleanup_t,postfix_spool_t,postfix_spool_t)
-manage_files_pattern(postfix_cleanup_t,postfix_spool_t,postfix_spool_t)
-manage_lnk_files_pattern(postfix_cleanup_t,postfix_spool_t,postfix_spool_t)
+manage_dirs_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
+manage_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
+manage_lnk_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
allow postfix_cleanup_t postfix_spool_bounce_t:dir list_dir_perms;
@@ -263,15 +263,15 @@ corecmd_exec_bin(postfix_cleanup_t)
allow postfix_local_t self:fifo_file rw_fifo_file_perms;
allow postfix_local_t self:process { setsched setrlimit };
-manage_dirs_pattern(postfix_local_t,postfix_local_tmp_t,postfix_local_tmp_t)
-manage_files_pattern(postfix_local_t,postfix_local_tmp_t,postfix_local_tmp_t)
+manage_dirs_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
+manage_files_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
files_tmp_filetrans(postfix_local_t, postfix_local_tmp_t, { file dir })
# connect to master process
-stream_connect_pattern(postfix_local_t,postfix_public_t,postfix_public_t,postfix_master_t)
+stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
# for .forward - maybe we need a new type for it?
-rw_sock_files_pattern(postfix_local_t,postfix_private_t,postfix_private_t)
+rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
allow postfix_local_t postfix_spool_t:file rw_file_perms;
@@ -309,12 +309,12 @@ allow postfix_map_t self:unix_dgram_socket create_socket_perms;
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
allow postfix_map_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(postfix_map_t,postfix_etc_t,postfix_etc_t)
-manage_files_pattern(postfix_map_t,postfix_etc_t,postfix_etc_t)
-manage_lnk_files_pattern(postfix_map_t,postfix_etc_t,postfix_etc_t)
+manage_dirs_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
+manage_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
+manage_lnk_files_pattern(postfix_map_t, postfix_etc_t, postfix_etc_t)
-manage_dirs_pattern(postfix_map_t,postfix_map_tmp_t,postfix_map_tmp_t)
-manage_files_pattern(postfix_map_t,postfix_map_tmp_t,postfix_map_tmp_t)
+manage_dirs_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
+manage_files_pattern(postfix_map_t, postfix_map_tmp_t, postfix_map_tmp_t)
files_tmp_filetrans(postfix_map_t, postfix_map_tmp_t, { file dir })
kernel_read_kernel_sysctls(postfix_map_t)
@@ -376,14 +376,14 @@ allow postfix_pickup_t self:tcp_socket create_socket_perms;
stream_connect_pattern(postfix_pickup_t,postfix_private_t,postfix_private_t,postfix_master_t)
-rw_fifo_files_pattern(postfix_pickup_t,postfix_public_t,postfix_public_t)
-rw_sock_files_pattern(postfix_pickup_t,postfix_public_t,postfix_public_t)
+rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
+rw_sock_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
postfix_list_spool(postfix_pickup_t)
allow postfix_pickup_t postfix_spool_maildrop_t:dir list_dir_perms;
-read_files_pattern(postfix_pickup_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t)
-delete_files_pattern(postfix_pickup_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t)
+read_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+delete_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
########################################
#
@@ -392,11 +392,11 @@ delete_files_pattern(postfix_pickup_t,postfix_spool_maildrop_t,postfix_spool_mai
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
-write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t)
+write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
-write_fifo_files_pattern(postfix_pipe_t,postfix_public_t,postfix_public_t)
+write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)
-rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t)
+rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
optional_policy(`
procmail_domtrans(postfix_pipe_t)
@@ -420,10 +420,10 @@ allow postfix_postdrop_t self:capability sys_resource;
allow postfix_postdrop_t self:tcp_socket create;
allow postfix_postdrop_t self:udp_socket create_socket_perms;
-rw_fifo_files_pattern(postfix_postdrop_t,postfix_public_t,postfix_public_t)
+rw_fifo_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
postfix_list_spool(postfix_postdrop_t)
-manage_files_pattern(postfix_postdrop_t,postfix_spool_maildrop_t,postfix_spool_maildrop_t)
+manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
corenet_udp_sendrecv_all_if(postfix_postdrop_t)
corenet_udp_sendrecv_all_nodes(postfix_postdrop_t)
@@ -456,10 +456,10 @@ allow postfix_postqueue_t self:tcp_socket create;
allow postfix_postqueue_t self:udp_socket { create ioctl };
# wants to write to /var/spool/postfix/public/showq
-stream_connect_pattern(postfix_postqueue_t,postfix_public_t,postfix_public_t,postfix_master_t)
+stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t,postfix_master_t)
# write to /var/spool/postfix/public/qmgr
-write_fifo_files_pattern(postfix_postqueue_t,postfix_public_t,postfix_public_t)
+write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t)
domtrans_pattern(postfix_postqueue_t, postfix_showq_exec_t, postfix_showq_t)
@@ -475,14 +475,14 @@ init_use_script_fds(postfix_postqueue_t)
# Postfix qmgr local policy
#
-stream_connect_pattern(postfix_qmgr_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
+stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
-rw_fifo_files_pattern(postfix_qmgr_t,postfix_public_t,postfix_public_t)
+rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
# for /var/spool/postfix/active
-manage_dirs_pattern(postfix_qmgr_t,postfix_spool_t,postfix_spool_t)
-manage_files_pattern(postfix_qmgr_t,postfix_spool_t,postfix_spool_t)
-manage_lnk_files_pattern(postfix_qmgr_t,postfix_spool_t,postfix_spool_t)
+manage_dirs_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
+manage_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
+manage_lnk_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
allow postfix_qmgr_t postfix_spool_bounce_t:dir { getattr read search };
allow postfix_qmgr_t postfix_spool_bounce_t:file { read getattr };
@@ -518,7 +518,7 @@ term_use_all_user_ttys(postfix_showq_t)
#
# connect to master process
-stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
+stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
@@ -537,7 +537,7 @@ optional_policy(`
allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
# connect to master process
-stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
+stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
# Connect to policy server
corenet_tcp_connect_postfix_policyd_port(postfix_smtpd_t)
@@ -574,12 +574,12 @@ allow postfix_virtual_t self:process { setsched setrlimit };
allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
-manage_dirs_pattern(postfix_virtual_t,postfix_virtual_tmp_t,postfix_virtual_tmp_t)
-manage_files_pattern(postfix_virtual_t,postfix_virtual_tmp_t,postfix_virtual_tmp_t)
+manage_dirs_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
+manage_files_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
-stream_connect_pattern(postfix_virtual_t,postfix_public_t,postfix_public_t,postfix_master_t)
+stream_connect_pattern(postfix_virtual_t, postfix_public_t, postfix_public_t, postfix_master_t)
corecmd_exec_shell(postfix_virtual_t)
corecmd_exec_bin(postfix_virtual_t)
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 489356a..bae1e10 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -67,24 +67,24 @@ template(`postgresql_userdom_template',`
#
tunable_policy(`sepgsql_enable_users_ddl',`
- allow $2 $1_sepgsql_table_t : db_table { create drop };
+ allow $2 $1_sepgsql_table_t:db_table { create drop };
type_transition $2 sepgsql_database_type:db_table $1_sepgsql_table_t;
- allow $2 $1_sepgsql_table_t : db_column { create drop };
+ allow $2 $1_sepgsql_table_t:db_column { create drop };
- allow $2 $1_sepgsql_sysobj_t : db_tuple { update insert delete };
+ allow $2 $1_sepgsql_sysobj_t:db_tuple { update insert delete };
type_transition $2 sepgsql_sysobj_table_type:db_tuple $1_sepgsql_sysobj_t;
')
- allow $2 $1_sepgsql_table_t : db_table { getattr setattr use select update insert delete };
- allow $2 $1_sepgsql_table_t : db_column { getattr setattr use select update insert };
- allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };
- allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };
+ allow $2 $1_sepgsql_table_t:db_table { getattr setattr use select update insert delete };
+ allow $2 $1_sepgsql_table_t:db_column { getattr setattr use select update insert };
+ allow $2 $1_sepgsql_table_t:db_tuple { use select update insert delete };
+ allow $2 $1_sepgsql_sysobj_t:db_tuple { use select };
- allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute };
+ allow $2 $1_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t;
- allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };
+ allow $2 $1_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;
allow $2 sepgsql_trusted_proc_t:process transition;
@@ -157,8 +157,7 @@ interface(`postgresql_table_object',`
#
interface(`postgresql_system_table_object',`
gen_require(`
- attribute sepgsql_table_type;
- attribute sepgsql_sysobj_table_type;
+ attribute sepgsql_table_type, sepgsql_sysobj_table_type;
')
typeattribute $1 sepgsql_table_type;
@@ -253,7 +252,7 @@ interface(`postgresql_domtrans',`
type postgresql_t, postgresql_exec_t;
')
- domtrans_pattern($1,postgresql_exec_t,postgresql_t)
+ domtrans_pattern($1, postgresql_exec_t, postgresql_t)
')
########################################
@@ -293,7 +292,7 @@ interface(`postgresql_tcp_connect',`
type postgresql_t;
')
- corenet_tcp_recvfrom_labeled($1,postgresql_t)
+ corenet_tcp_recvfrom_labeled($1, postgresql_t)
corenet_tcp_sendrecv_postgresql_port($1)
corenet_tcp_connect_postgresql_port($1)
corenet_sendrecv_postgresql_client_packets($1)
@@ -342,7 +341,6 @@ interface(`postgresql_unpriv_client',`
attribute sepgsql_client_type;
type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
-
type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
')
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 8d58804..3f7578b 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -24,7 +24,7 @@ gen_tunable(sepgsql_enable_users_ddl, true)
type postgresql_t;
type postgresql_exec_t;
-init_daemon_domain(postgresql_t,postgresql_exec_t)
+init_daemon_domain(postgresql_t, postgresql_exec_t)
type postgresql_db_t;
files_type(postgresql_db_t)
@@ -129,16 +129,16 @@ type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;
allow postgresql_t sepgsql_blob_type:db_blob *;
type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
-manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
-manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
-manage_lnk_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
-manage_fifo_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
-manage_sock_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
+manage_dirs_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
+manage_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
+manage_lnk_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
+manage_fifo_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
+manage_sock_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
allow postgresql_t postgresql_etc_t:dir list_dir_perms;
-read_files_pattern(postgresql_t,postgresql_etc_t,postgresql_etc_t)
-read_lnk_files_pattern(postgresql_t,postgresql_etc_t,postgresql_etc_t)
+read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
+read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )
@@ -146,20 +146,20 @@ can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file manage_file_perms;
files_lock_filetrans(postgresql_t,postgresql_lock_t,file)
-manage_files_pattern(postgresql_t,postgresql_log_t,postgresql_log_t)
-logging_log_filetrans(postgresql_t,postgresql_log_t,{ file dir })
+manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
+logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
-manage_dirs_pattern(postgresql_t,postgresql_tmp_t,postgresql_tmp_t)
-manage_files_pattern(postgresql_t,postgresql_tmp_t,postgresql_tmp_t)
-manage_lnk_files_pattern(postgresql_t,postgresql_tmp_t,postgresql_tmp_t)
-manage_fifo_files_pattern(postgresql_t,postgresql_tmp_t,postgresql_tmp_t)
-manage_sock_files_pattern(postgresql_t,postgresql_tmp_t,postgresql_tmp_t)
+manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
+manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
+manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
+manage_fifo_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
+manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
-manage_files_pattern(postgresql_t,postgresql_var_run_t,postgresql_var_run_t)
-manage_sock_files_pattern(postgresql_t,postgresql_var_run_t,postgresql_var_run_t)
-files_pid_filetrans(postgresql_t,postgresql_var_run_t,file)
+manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
+manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
+files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
@@ -308,9 +308,9 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
tunable_policy(`sepgsql_enable_users_ddl',`
- allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
+ allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
- allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
')
########################################
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te
index 975eae6..6ed3e53 100644
--- a/policy/modules/services/postgrey.te
+++ b/policy/modules/services/postgrey.te
@@ -8,7 +8,7 @@ policy_module(postgrey, 1.5.0)
type postgrey_t;
type postgrey_exec_t;
-init_daemon_domain(postgrey_t,postgrey_exec_t)
+init_daemon_domain(postgrey_t, postgrey_exec_t)
type postgrey_etc_t;
files_config_file(postgrey_etc_t)
@@ -30,15 +30,15 @@ allow postgrey_t self:process signal_perms;
allow postgrey_t self:tcp_socket create_stream_socket_perms;
allow postgrey_t postgrey_etc_t:dir list_dir_perms;
-read_files_pattern(postgrey_t,postgrey_etc_t,postgrey_etc_t)
-read_lnk_files_pattern(postgrey_t,postgrey_etc_t,postgrey_etc_t)
+read_files_pattern(postgrey_t, postgrey_etc_t, postgrey_etc_t)
+read_lnk_files_pattern(postgrey_t, postgrey_etc_t, postgrey_etc_t)
-manage_files_pattern(postgrey_t,postgrey_var_lib_t,postgrey_var_lib_t)
-files_var_lib_filetrans(postgrey_t,postgrey_var_lib_t,file)
+manage_files_pattern(postgrey_t, postgrey_var_lib_t, postgrey_var_lib_t)
+files_var_lib_filetrans(postgrey_t, postgrey_var_lib_t, file)
-manage_files_pattern(postgrey_t,postgrey_var_run_t,postgrey_var_run_t)
-manage_sock_files_pattern(postgrey_t,postgrey_var_run_t,postgrey_var_run_t)
-files_pid_filetrans(postgrey_t,postgrey_var_run_t,{ file sock_file })
+manage_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
+manage_sock_files_pattern(postgrey_t, postgrey_var_run_t, postgrey_var_run_t)
+files_pid_filetrans(postgrey_t, postgrey_var_run_t, { file sock_file })
kernel_read_system_state(postgrey_t)
kernel_read_kernel_sysctls(postgrey_t)
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index da7d140..2ce1141 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -287,7 +287,7 @@ interface(`ppp_pid_filetrans',`
type pppd_var_run_t;
')
- files_pid_filetrans($1,pppd_var_run_t,file)
+ files_pid_filetrans($1, pppd_var_run_t, file)
')
########################################
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 4e6955f..2ed25ee 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -11,20 +11,20 @@ policy_module(ppp, 1.8.0)
## Allow pppd to load kernel modules for certain modems
##
##
-gen_tunable(pppd_can_insmod,false)
+gen_tunable(pppd_can_insmod, false)
##
##
## Allow pppd to be run for a regular user
##
##
-gen_tunable(pppd_for_user,false)
+gen_tunable(pppd_for_user, false)
# pppd_t is the domain for the pppd program.
# pppd_exec_t is the type of the pppd executable.
type pppd_t;
type pppd_exec_t;
-init_daemon_domain(pppd_t,pppd_exec_t)
+init_daemon_domain(pppd_t, pppd_exec_t)
type pppd_devpts_t;
term_pty(pppd_devpts_t)
@@ -58,7 +58,7 @@ files_pid_file(pppd_var_run_t)
type pptp_t;
type pptp_exec_t;
-init_daemon_domain(pptp_t,pptp_exec_t)
+init_daemon_domain(pptp_t, pptp_exec_t)
type pptp_log_t;
logging_log_file(pptp_log_t)
@@ -91,22 +91,22 @@ allow pppd_t pppd_etc_t:dir rw_dir_perms;
allow pppd_t pppd_etc_t:file read_file_perms;
allow pppd_t pppd_etc_t:lnk_file { getattr read };
-manage_files_pattern(pppd_t,pppd_etc_rw_t,pppd_etc_rw_t)
+manage_files_pattern(pppd_t, pppd_etc_rw_t, pppd_etc_rw_t)
# Automatically label newly created files under /etc/ppp with this type
-filetrans_pattern(pppd_t,pppd_etc_t,pppd_etc_rw_t,file)
+filetrans_pattern(pppd_t, pppd_etc_t, pppd_etc_rw_t, file)
allow pppd_t pppd_lock_t:file manage_file_perms;
-files_lock_filetrans(pppd_t,pppd_lock_t,file)
+files_lock_filetrans(pppd_t, pppd_lock_t, file)
allow pppd_t pppd_log_t:file manage_file_perms;
-logging_log_filetrans(pppd_t,pppd_log_t,file)
+logging_log_filetrans(pppd_t, pppd_log_t, file)
-manage_dirs_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
-manage_files_pattern(pppd_t,pppd_tmp_t,pppd_tmp_t)
+manage_dirs_pattern(pppd_t, pppd_tmp_t, pppd_tmp_t)
+manage_files_pattern(pppd_t, pppd_tmp_t, pppd_tmp_t)
files_tmp_filetrans(pppd_t, pppd_tmp_t, { file dir })
-manage_files_pattern(pppd_t,pppd_var_run_t,pppd_var_run_t)
-files_pid_filetrans(pppd_t,pppd_var_run_t,file)
+manage_files_pattern(pppd_t, pppd_var_run_t, pppd_var_run_t)
+files_pid_filetrans(pppd_t, pppd_var_run_t, file)
allow pppd_t pptp_t:process signal;
@@ -144,7 +144,7 @@ term_use_unallocated_ttys(pppd_t)
term_setattr_unallocated_ttys(pppd_t)
term_ioctl_generic_ptys(pppd_t)
# for pppoe
-term_create_pty(pppd_t,pppd_devpts_t)
+term_create_pty(pppd_t, pppd_devpts_t)
# allow running ip-up and ip-down scripts and running chat.
corecmd_exec_bin(pppd_t)
@@ -238,11 +238,11 @@ can_exec(pptp_t, pppd_etc_rw_t)
allow pptp_t pppd_log_t:file append;
allow pptp_t pptp_log_t:file manage_file_perms;
-logging_log_filetrans(pptp_t,pptp_log_t,file)
+logging_log_filetrans(pptp_t, pptp_log_t, file)
-manage_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
-manage_sock_files_pattern(pptp_t,pptp_var_run_t,pptp_var_run_t)
-files_pid_filetrans(pptp_t,pptp_var_run_t,file)
+manage_files_pattern(pptp_t, pptp_var_run_t, pptp_var_run_t)
+manage_sock_files_pattern(pptp_t, pptp_var_run_t, pptp_var_run_t)
+files_pid_filetrans(pptp_t, pptp_var_run_t, file)
kernel_list_proc(pptp_t)
kernel_read_kernel_sysctls(pptp_t)
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index c88f931..0270983 100644
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@@ -8,7 +8,7 @@ policy_module(privoxy, 1.7.0)
type privoxy_t; # web_client_domain
type privoxy_exec_t;
-init_daemon_domain(privoxy_t,privoxy_exec_t)
+init_daemon_domain(privoxy_t, privoxy_exec_t)
type privoxy_etc_rw_t;
files_type(privoxy_etc_rw_t)
@@ -30,11 +30,11 @@ allow privoxy_t self:tcp_socket create_stream_socket_perms;
allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
-manage_files_pattern(privoxy_t,privoxy_log_t,privoxy_log_t)
-logging_log_filetrans(privoxy_t,privoxy_log_t,file)
+manage_files_pattern(privoxy_t, privoxy_log_t, privoxy_log_t)
+logging_log_filetrans(privoxy_t, privoxy_log_t, file)
-manage_files_pattern(privoxy_t,privoxy_var_run_t,privoxy_var_run_t)
-files_pid_filetrans(privoxy_t,privoxy_var_run_t,file)
+manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t)
+files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
kernel_read_kernel_sysctls(privoxy_t)
kernel_list_proc(privoxy_t)
diff --git a/policy/modules/services/procmail.if b/policy/modules/services/procmail.if
index 440565a..12c0865 100644
--- a/policy/modules/services/procmail.if
+++ b/policy/modules/services/procmail.if
@@ -17,7 +17,7 @@ interface(`procmail_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,procmail_exec_t,procmail_t)
+ domtrans_pattern($1, procmail_exec_t, procmail_t)
')
########################################
@@ -37,5 +37,5 @@ interface(`procmail_exec',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,procmail_exec_t)
+ can_exec($1, procmail_exec_t)
')
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index 543da21..ecb6f6a 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -8,7 +8,7 @@ policy_module(procmail, 1.9.0)
type procmail_t;
type procmail_exec_t;
-application_domain(procmail_t,procmail_exec_t)
+application_domain(procmail_t, procmail_exec_t)
role system_r types procmail_t;
type procmail_tmp_t;
diff --git a/policy/modules/services/publicfile.te b/policy/modules/services/publicfile.te
index 6ff1339..d309d15 100644
--- a/policy/modules/services/publicfile.te
+++ b/policy/modules/services/publicfile.te
@@ -1,5 +1,5 @@
-policy_module(publicfile,1.1.0)
+policy_module(publicfile, 1.1.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(publicfile,1.1.0)
type publicfile_t;
type publicfile_exec_t;
-init_daemon_domain(publicfile_t,publicfile_exec_t)
+init_daemon_domain(publicfile_t, publicfile_exec_t)
type publicfile_content_t;
files_type(publicfile_content_t)
diff --git a/policy/modules/services/pxe.te b/policy/modules/services/pxe.te
index 1e38342..03d9c03 100644
--- a/policy/modules/services/pxe.te
+++ b/policy/modules/services/pxe.te
@@ -10,7 +10,7 @@ policy_module(pxe, 1.3.0)
type pxe_t;
type pxe_exec_t;
-init_daemon_domain(pxe_t,pxe_exec_t)
+init_daemon_domain(pxe_t, pxe_exec_t)
type pxe_log_t;
logging_log_file(pxe_log_t)
@@ -28,10 +28,10 @@ dontaudit pxe_t self:capability sys_tty_config;
allow pxe_t self:process signal_perms;
allow pxe_t pxe_log_t:file manage_file_perms;
-logging_log_filetrans(pxe_t,pxe_log_t,file)
+logging_log_filetrans(pxe_t, pxe_log_t, file)
-manage_files_pattern(pxe_t,pxe_var_run_t,pxe_var_run_t)
-files_pid_filetrans(pxe_t,pxe_var_run_t,file)
+manage_files_pattern(pxe_t, pxe_var_run_t, pxe_var_run_t)
+files_pid_filetrans(pxe_t, pxe_var_run_t, file)
kernel_read_kernel_sysctls(pxe_t)
kernel_list_proc(pxe_t)
diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if
index 4589fd1..8ab808b 100644
--- a/policy/modules/services/pyzor.if
+++ b/policy/modules/services/pyzor.if
@@ -72,7 +72,7 @@ interface(`pyzor_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,pyzor_exec_t,pyzor_t)
+ domtrans_pattern($1, pyzor_exec_t, pyzor_t)
')
########################################
@@ -92,5 +92,5 @@ interface(`pyzor_exec',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,pyzor_exec_t)
+ can_exec($1, pyzor_exec_t)
')
diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te
index e4d47ae..bcafdc4 100644
--- a/policy/modules/services/pyzor.te
+++ b/policy/modules/services/pyzor.te
@@ -8,13 +8,13 @@ policy_module(pyzor, 1.6.0)
type pyzor_t;
type pyzor_exec_t;
-application_domain(pyzor_t,pyzor_exec_t)
+application_domain(pyzor_t, pyzor_exec_t)
role system_r types pyzor_t;
type pyzord_t;
type pyzord_exec_t;
domain_type(pyzord_t)
-init_daemon_domain(pyzord_t,pyzord_exec_t)
+init_daemon_domain(pyzord_t, pyzord_exec_t)
type pyzor_etc_t;
files_type(pyzor_etc_t)
@@ -39,8 +39,8 @@ allow pyzor_t pyzor_var_lib_t:dir list_dir_perms;
read_files_pattern(pyzor_t,pyzor_var_lib_t,pyzor_var_lib_t)
files_search_var_lib(pyzor_t)
-manage_files_pattern(pyzor_t,pyzor_tmp_t,pyzor_tmp_t)
-manage_dirs_pattern(pyzor_t,pyzor_tmp_t,pyzor_tmp_t)
+manage_files_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
+manage_dirs_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
kernel_read_kernel_sysctls(pyzor_t)
@@ -87,18 +87,18 @@ optional_policy(`
allow pyzord_t self:udp_socket create_socket_perms;
-manage_files_pattern(pyzord_t,pyzor_var_lib_t,pyzor_var_lib_t)
+manage_files_pattern(pyzord_t, pyzor_var_lib_t, pyzor_var_lib_t)
allow pyzord_t pyzor_var_lib_t:dir setattr;
-files_var_lib_filetrans(pyzord_t,pyzor_var_lib_t,{ file dir })
+files_var_lib_filetrans(pyzord_t, pyzor_var_lib_t, { file dir })
-read_files_pattern(pyzord_t,pyzor_etc_t,pyzor_etc_t)
+read_files_pattern(pyzord_t, pyzor_etc_t, pyzor_etc_t)
allow pyzord_t pyzor_etc_t:dir list_dir_perms;
-can_exec(pyzord_t,pyzor_exec_t)
+can_exec(pyzord_t, pyzor_exec_t)
-manage_files_pattern(pyzord_t,pyzord_log_t,pyzord_log_t)
+manage_files_pattern(pyzord_t, pyzord_log_t, pyzord_log_t)
allow pyzord_t pyzord_log_t:dir setattr;
-logging_log_filetrans(pyzord_t,pyzord_log_t, { file dir } )
+logging_log_filetrans(pyzord_t, pyzord_log_t, { file dir } )
kernel_read_kernel_sysctls(pyzord_t)
kernel_read_system_state(pyzord_t)
diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if
index e14d35e..4523c1b 100644
--- a/policy/modules/services/qmail.if
+++ b/policy/modules/services/qmail.if
@@ -62,7 +62,7 @@ template(`qmail_child_domain_template',`
type $1_t;
domain_type($1_t)
type $1_exec_t;
- domain_entry_file($1_t,$1_exec_t)
+ domain_entry_file($1_t, $1_exec_t)
domain_auto_trans($2, $1_exec_t, $1_t)
role system_r types $1_t;
@@ -105,8 +105,7 @@ template(`qmail_child_domain_template',`
#
interface(`qmail_domtrans_inject',`
gen_require(`
- type qmail_inject_t;
- type qmail_inject_exec_t;
+ type qmail_inject_t, qmail_inject_exec_t;
')
domtrans_pattern($1, qmail_inject_exec_t, qmail_inject_t)
@@ -132,8 +131,7 @@ interface(`qmail_domtrans_inject',`
#
interface(`qmail_domtrans_queue',`
gen_require(`
- type qmail_queue_t;
- type qmail_queue_exec_t;
+ type qmail_queue_t, qmail_queue_exec_t;
')
domtrans_pattern($1, qmail_queue_exec_t, qmail_queue_t)
diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te
index 7390b72..5d4e608 100644
--- a/policy/modules/services/qmail.te
+++ b/policy/modules/services/qmail.te
@@ -1,5 +1,5 @@
-policy_module(qmail,1.3.0)
+policy_module(qmail, 1.3.0)
########################################
#
@@ -22,7 +22,7 @@ files_type(qmail_exec_t)
type qmail_inject_t, qmail_user_domains;
type qmail_inject_exec_t;
domain_type(qmail_inject_t)
-domain_entry_file(qmail_inject_t,qmail_inject_exec_t)
+domain_entry_file(qmail_inject_t, qmail_inject_exec_t)
mta_mailserver_user_agent(qmail_inject_t)
role system_r types qmail_inject_t;
@@ -52,11 +52,11 @@ files_type(qmail_spool_t)
type qmail_start_t;
type qmail_start_exec_t;
-init_daemon_domain(qmail_start_t,qmail_start_exec_t)
+init_daemon_domain(qmail_start_t, qmail_start_exec_t)
type qmail_tcp_env_t;
type qmail_tcp_env_exec_t;
-application_domain(qmail_tcp_env_t,qmail_tcp_env_exec_t)
+application_domain(qmail_tcp_env_t, qmail_tcp_env_exec_t)
########################################
#
@@ -64,8 +64,8 @@ application_domain(qmail_tcp_env_t,qmail_tcp_env_exec_t)
# this component cleans up the queue directory
#
-read_files_pattern(qmail_clean_t,qmail_spool_t,qmail_spool_t)
-delete_files_pattern(qmail_clean_t,qmail_spool_t,qmail_spool_t)
+read_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
+delete_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
########################################
#
@@ -97,8 +97,8 @@ allow qmail_local_t self:fifo_file write;
allow qmail_local_t self:process signal_perms;
allow qmail_local_t self:unix_stream_socket create_stream_socket_perms;
-manage_dirs_pattern(qmail_local_t,qmail_alias_home_t,qmail_alias_home_t)
-manage_files_pattern(qmail_local_t,qmail_alias_home_t,qmail_alias_home_t)
+manage_dirs_pattern(qmail_local_t, qmail_alias_home_t, qmail_alias_home_t)
+manage_files_pattern(qmail_local_t, qmail_alias_home_t, qmail_alias_home_t)
allow qmail_local_t qmail_queue_exec_t:file read;
@@ -130,7 +130,7 @@ can_exec(qmail_lspawn_t, qmail_exec_t)
allow qmail_lspawn_t qmail_local_exec_t:file read;
-read_files_pattern(qmail_lspawn_t,qmail_spool_t,qmail_spool_t)
+read_files_pattern(qmail_lspawn_t, qmail_spool_t, qmail_spool_t)
corecmd_search_bin(qmail_lspawn_t)
@@ -151,9 +151,9 @@ allow qmail_queue_t qmail_smtpd_t:fd use;
allow qmail_queue_t qmail_smtpd_t:fifo_file read;
allow qmail_queue_t qmail_smtpd_t:process sigchld;
-manage_dirs_pattern(qmail_queue_t,qmail_spool_t,qmail_spool_t)
-manage_files_pattern(qmail_queue_t,qmail_spool_t,qmail_spool_t)
-rw_fifo_files_pattern(qmail_queue_t,qmail_spool_t,qmail_spool_t)
+manage_dirs_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
+manage_files_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
+rw_fifo_files_pattern(qmail_queue_t, qmail_spool_t, qmail_spool_t)
optional_policy(`
daemontools_ipc_domain(qmail_queue_t)
@@ -168,7 +168,7 @@ optional_policy(`
allow qmail_remote_t self:tcp_socket create_socket_perms;
allow qmail_remote_t self:udp_socket create_socket_perms;
-rw_files_pattern(qmail_remote_t,qmail_spool_t,qmail_spool_t)
+rw_files_pattern(qmail_remote_t, qmail_spool_t, qmail_spool_t)
corenet_all_recvfrom_unlabeled(qmail_remote_t)
corenet_all_recvfrom_netlabel(qmail_remote_t)
@@ -197,7 +197,7 @@ allow qmail_rspawn_t self:fifo_file read;
allow qmail_rspawn_t qmail_remote_exec_t:file read;
-rw_files_pattern(qmail_rspawn_t,qmail_spool_t,qmail_spool_t)
+rw_files_pattern(qmail_rspawn_t, qmail_spool_t, qmail_spool_t)
corecmd_search_bin(qmail_rspawn_t)
@@ -210,9 +210,9 @@ corecmd_search_bin(qmail_rspawn_t)
allow qmail_send_t self:process signal_perms;
allow qmail_send_t self:fifo_file write;
-manage_dirs_pattern(qmail_send_t,qmail_spool_t,qmail_spool_t)
-manage_files_pattern(qmail_send_t,qmail_spool_t,qmail_spool_t)
-read_fifo_files_pattern(qmail_send_t,qmail_spool_t,qmail_spool_t)
+manage_dirs_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
+manage_files_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
+read_fifo_files_pattern(qmail_send_t, qmail_spool_t, qmail_spool_t)
qmail_domtrans_queue(qmail_send_t)
diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te
index b862fa8..c280a52 100644
--- a/policy/modules/services/radius.te
+++ b/policy/modules/services/radius.te
@@ -8,7 +8,7 @@ policy_module(radius, 1.8.0)
type radiusd_t;
type radiusd_exec_t;
-init_daemon_domain(radiusd_t,radiusd_exec_t)
+init_daemon_domain(radiusd_t, radiusd_exec_t)
type radiusd_etc_t;
files_config_file(radiusd_etc_t)
@@ -42,23 +42,23 @@ allow radiusd_t self:udp_socket create_socket_perms;
allow radiusd_t self:netlink_route_socket r_netlink_socket_perms;
allow radiusd_t radiusd_etc_t:dir list_dir_perms;
-read_files_pattern(radiusd_t,radiusd_etc_t,radiusd_etc_t)
-read_lnk_files_pattern(radiusd_t,radiusd_etc_t,radiusd_etc_t)
+read_files_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_t)
+read_lnk_files_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_t)
files_search_etc(radiusd_t)
-manage_dirs_pattern(radiusd_t,radiusd_etc_rw_t,radiusd_etc_rw_t)
-manage_files_pattern(radiusd_t,radiusd_etc_rw_t,radiusd_etc_rw_t)
-manage_lnk_files_pattern(radiusd_t,radiusd_etc_rw_t,radiusd_etc_rw_t)
-filetrans_pattern(radiusd_t,radiusd_etc_t,radiusd_etc_rw_t,{ dir file lnk_file })
+manage_dirs_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
+manage_files_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
+manage_lnk_files_pattern(radiusd_t, radiusd_etc_rw_t, radiusd_etc_rw_t)
+filetrans_pattern(radiusd_t, radiusd_etc_t, radiusd_etc_rw_t, { dir file lnk_file })
-manage_dirs_pattern(radiusd_t,radiusd_log_t,radiusd_log_t)
-manage_files_pattern(radiusd_t,radiusd_log_t,radiusd_log_t)
-logging_log_filetrans(radiusd_t,radiusd_log_t,{ file dir })
+manage_dirs_pattern(radiusd_t, radiusd_log_t, radiusd_log_t)
+manage_files_pattern(radiusd_t, radiusd_log_t, radiusd_log_t)
+logging_log_filetrans(radiusd_t, radiusd_log_t,{ file dir })
-manage_files_pattern(radiusd_t,radiusd_var_lib_t,radiusd_var_lib_t)
+manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
-manage_files_pattern(radiusd_t,radiusd_var_run_t,radiusd_var_run_t)
-files_pid_filetrans(radiusd_t,radiusd_var_run_t,file)
+manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
+files_pid_filetrans(radiusd_t, radiusd_var_run_t, file)
kernel_read_kernel_sysctls(radiusd_t)
kernel_read_system_state(radiusd_t)
@@ -115,7 +115,7 @@ sysadm_dontaudit_search_home_dirs(radiusd_t)
sysadm_dontaudit_getattr_home_dirs(radiusd_t)
optional_policy(`
- cron_system_entry(radiusd_t,radiusd_exec_t)
+ cron_system_entry(radiusd_t, radiusd_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te
index 4eb0a67..2a32e53 100644
--- a/policy/modules/services/radvd.te
+++ b/policy/modules/services/radvd.te
@@ -7,7 +7,7 @@ policy_module(radvd, 1.8.0)
#
type radvd_t;
type radvd_exec_t;
-init_daemon_domain(radvd_t,radvd_exec_t)
+init_daemon_domain(radvd_t, radvd_exec_t)
type radvd_var_run_t;
files_pid_file(radvd_var_run_t)
@@ -30,8 +30,8 @@ allow radvd_t self:udp_socket create_socket_perms;
allow radvd_t radvd_etc_t:file read_file_perms;
-manage_files_pattern(radvd_t,radvd_var_run_t,radvd_var_run_t)
-files_pid_filetrans(radvd_t,radvd_var_run_t,file)
+manage_files_pattern(radvd_t, radvd_var_run_t, radvd_var_run_t)
+files_pid_filetrans(radvd_t, radvd_var_run_t, file)
kernel_read_kernel_sysctls(radvd_t)
kernel_rw_net_sysctls(radvd_t)
diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if
index c8f24ac..30d3b0e 100644
--- a/policy/modules/services/razor.if
+++ b/policy/modules/services/razor.if
@@ -45,14 +45,14 @@ template(`razor_common_domain_template',`
allow $1_t razor_etc_t:file read_file_perms;
allow $1_t razor_etc_t:lnk_file { getattr read };
- manage_dirs_pattern($1_t,razor_log_t,razor_log_t)
- manage_files_pattern($1_t,razor_log_t,razor_log_t)
- manage_lnk_files_pattern($1_t,razor_log_t,razor_log_t)
- logging_log_filetrans($1_t,razor_log_t,file)
-
- manage_dirs_pattern($1_t,razor_var_lib_t,razor_var_lib_t)
- manage_files_pattern($1_t,razor_var_lib_t,razor_var_lib_t)
- manage_lnk_files_pattern($1_t,razor_var_lib_t,razor_var_lib_t)
+ manage_dirs_pattern($1_t, razor_log_t, razor_log_t)
+ manage_files_pattern($1_t, razor_log_t, razor_log_t)
+ manage_lnk_files_pattern($1_t, razor_log_t, razor_log_t)
+ logging_log_filetrans($1_t, razor_log_t, file)
+
+ manage_dirs_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
+ manage_files_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
+ manage_lnk_files_pattern($1_t, razor_var_lib_t, razor_var_lib_t)
files_search_var_lib($1_t)
# Razor is one executable and several symlinks
@@ -141,13 +141,13 @@ template(`razor_per_role_template',`
type $1_razor_t;
domain_type($1_razor_t)
- domain_entry_file($1_razor_t,razor_exec_t)
+ domain_entry_file($1_razor_t, razor_exec_t)
razor_common_domain_template($1_razor)
role $3 types $1_razor_t;
type $1_razor_home_t alias $1_razor_rw_t;
files_poly_member($1_razor_home_t)
- userdom_user_home_content($1,$1_razor_home_t)
+ userdom_user_home_content($1, $1_razor_home_t)
type $1_razor_tmp_t;
files_tmp_file($1_razor_tmp_t)
@@ -159,30 +159,30 @@ template(`razor_per_role_template',`
allow $1_razor_t self:unix_stream_socket create_stream_socket_perms;
- manage_dirs_pattern($1_razor_t,$1_razor_home_t,$1_razor_home_t)
- manage_files_pattern($1_razor_t,$1_razor_home_t,$1_razor_home_t)
- manage_lnk_files_pattern($1_razor_t,$1_razor_home_t,$1_razor_home_t)
- userdom_user_home_dir_filetrans($1,$1_razor_t,$1_razor_home_t,dir)
+ manage_dirs_pattern($1_razor_t, $1_razor_home_t, $1_razor_home_t)
+ manage_files_pattern($1_razor_t, $1_razor_home_t, $1_razor_home_t)
+ manage_lnk_files_pattern($1_razor_t, $1_razor_home_t, $1_razor_home_t)
+ userdom_user_home_dir_filetrans($1, $1_razor_t, $1_razor_home_t, dir)
- manage_dirs_pattern($1_razor_t,$1_razor_tmp_t,$1_razor_tmp_t)
- manage_files_pattern($1_razor_t,$1_razor_tmp_t,$1_razor_tmp_t)
+ manage_dirs_pattern($1_razor_t, $1_razor_tmp_t, $1_razor_tmp_t)
+ manage_files_pattern($1_razor_t, $1_razor_tmp_t, $1_razor_tmp_t)
files_tmp_filetrans($1_razor_t, $1_razor_tmp_t, { file dir })
domtrans_pattern($2, razor_exec_t, $1_razor_t)
- manage_dirs_pattern($2,$1_razor_home_t,$1_razor_home_t)
- manage_files_pattern($2,$1_razor_home_t,$1_razor_home_t)
- manage_lnk_files_pattern($2,$1_razor_home_t,$1_razor_home_t)
- relabel_dirs_pattern($2,$1_razor_home_t,$1_razor_home_t)
- relabel_files_pattern($2,$1_razor_home_t,$1_razor_home_t)
- relabel_lnk_files_pattern($2,$1_razor_home_t,$1_razor_home_t)
+ manage_dirs_pattern($2, $1_razor_home_t, $1_razor_home_t)
+ manage_files_pattern($2, $1_razor_home_t, $1_razor_home_t)
+ manage_lnk_files_pattern($2, $1_razor_home_t, $1_razor_home_t)
+ relabel_dirs_pattern($2, $1_razor_home_t, $1_razor_home_t)
+ relabel_files_pattern($2, $1_razor_home_t, $1_razor_home_t)
+ relabel_lnk_files_pattern($2, $1_razor_home_t, $1_razor_home_t)
logging_send_syslog_msg($1_razor_t)
- userdom_search_user_home_dirs($1,$1_razor_t)
+ userdom_search_user_home_dirs($1, $1_razor_t)
# Allow razor to be run by hand. Needed by any action other than
# invocation from a spam filter.
- userdom_use_user_terminals($1,$1_razor_t)
+ userdom_use_user_terminals($1, $1_razor_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_razor_t)
diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
index e822462..156d1a6 100644
--- a/policy/modules/services/razor.te
+++ b/policy/modules/services/razor.te
@@ -1,5 +1,5 @@
-policy_module(razor,1.4.0)
+policy_module(razor, 1.4.0)
########################################
#
@@ -9,7 +9,7 @@ policy_module(razor,1.4.0)
type razor_t;
type razor_exec_t;
domain_type(razor_t)
-domain_entry_file(razor_t,razor_exec_t)
+domain_entry_file(razor_t, razor_exec_t)
role system_r types razor_t;
type razor_etc_t;
@@ -30,16 +30,16 @@ razor_common_domain_template(razor)
allow razor_t self:tcp_socket create_socket_perms;
-manage_dirs_pattern(razor_t,razor_etc_t,razor_etc_t)
-manage_files_pattern(razor_t,razor_etc_t,razor_etc_t)
-manage_lnk_files_pattern(razor_t,razor_etc_t,razor_etc_t)
+manage_dirs_pattern(razor_t, razor_etc_t, razor_etc_t)
+manage_files_pattern(razor_t, razor_etc_t, razor_etc_t)
+manage_lnk_files_pattern(razor_t, razor_etc_t, razor_etc_t)
files_search_etc(razor_t)
allow razor_t razor_log_t:file manage_file_perms;
-logging_log_filetrans(razor_t,razor_log_t,file)
+logging_log_filetrans(razor_t, razor_log_t, file)
-manage_files_pattern(razor_t,razor_var_lib_t,razor_var_lib_t)
-files_var_lib_filetrans(razor_t,razor_var_lib_t,file)
+manage_files_pattern(razor_t, razor_var_lib_t, razor_var_lib_t)
+files_var_lib_filetrans(razor_t, razor_var_lib_t, file)
corenet_all_recvfrom_unlabeled(razor_t)
corenet_all_recvfrom_netlabel(razor_t)
diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te
index 8ccc0a2..10b72b0 100644
--- a/policy/modules/services/rdisc.te
+++ b/policy/modules/services/rdisc.te
@@ -1,5 +1,5 @@
-policy_module(rdisc,1.5.0)
+policy_module(rdisc, 1.5.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(rdisc,1.5.0)
type rdisc_t;
type rdisc_exec_t;
-init_daemon_domain(rdisc_t,rdisc_exec_t)
+init_daemon_domain(rdisc_t, rdisc_exec_t)
########################################
#
diff --git a/policy/modules/services/remotelogin.if b/policy/modules/services/remotelogin.if
index 3bfd4ec..6ff8060 100644
--- a/policy/modules/services/remotelogin.if
+++ b/policy/modules/services/remotelogin.if
@@ -15,7 +15,7 @@ interface(`remotelogin_domtrans',`
type remote_login_t;
')
- auth_domtrans_login_program($1,remote_login_t)
+ auth_domtrans_login_program($1, remote_login_t)
')
########################################
diff --git a/policy/modules/services/remotelogin.te b/policy/modules/services/remotelogin.te
index 3ce11e4..7fe8f58 100644
--- a/policy/modules/services/remotelogin.te
+++ b/policy/modules/services/remotelogin.te
@@ -1,5 +1,5 @@
-policy_module(remotelogin,1.5.0)
+policy_module(remotelogin, 1.5.0)
########################################
#
@@ -35,8 +35,8 @@ allow remote_login_t self:msgq create_msgq_perms;
allow remote_login_t self:msg { send receive };
allow remote_login_t self:key write;
-manage_dirs_pattern(remote_login_t,remote_login_tmp_t,remote_login_tmp_t)
-manage_files_pattern(remote_login_t,remote_login_tmp_t,remote_login_tmp_t)
+manage_dirs_pattern(remote_login_t, remote_login_tmp_t, remote_login_tmp_t)
+manage_files_pattern(remote_login_t, remote_login_tmp_t, remote_login_tmp_t)
files_tmp_filetrans(remote_login_t, remote_login_tmp_t, { file dir })
kernel_read_system_state(remote_login_t)
diff --git a/policy/modules/services/resmgr.te b/policy/modules/services/resmgr.te
index d916910..70c426f 100644
--- a/policy/modules/services/resmgr.te
+++ b/policy/modules/services/resmgr.te
@@ -1,5 +1,5 @@
-policy_module(resmgr,1.2.0)
+policy_module(resmgr, 1.2.0)
########################################
#
@@ -8,7 +8,7 @@ policy_module(resmgr,1.2.0)
type resmgrd_t;
type resmgrd_exec_t;
-init_daemon_domain(resmgrd_t,resmgrd_exec_t)
+init_daemon_domain(resmgrd_t, resmgrd_exec_t)
type resmgrd_etc_t;
files_config_file(resmgrd_etc_t)
@@ -30,7 +30,7 @@ files_search_etc(resmgrd_t)
allow resmgrd_t resmgrd_var_run_t:file manage_file_perms;
allow resmgrd_t resmgrd_var_run_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(resmgrd_t,resmgrd_var_run_t,{ file sock_file })
+files_pid_filetrans(resmgrd_t, resmgrd_var_run_t, { file sock_file })
kernel_list_proc(resmgrd_t)
kernel_read_proc_symlinks(resmgrd_t)
diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te
index 3bf4aff..d8b1c63 100644
--- a/policy/modules/services/rhgb.te
+++ b/policy/modules/services/rhgb.te
@@ -8,7 +8,7 @@ policy_module(rhgb, 1.7.0)
type rhgb_t;
type rhgb_exec_t;
-init_daemon_domain(rhgb_t,rhgb_exec_t)
+init_daemon_domain(rhgb_t, rhgb_exec_t)
type rhgb_tmpfs_t;
files_tmpfs_file(rhgb_tmpfs_t)
@@ -34,12 +34,12 @@ allow rhgb_t self:netlink_route_socket r_netlink_socket_perms;
allow rhgb_t rhgb_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(rhgb_t,rhgb_devpts_t)
-manage_dirs_pattern(rhgb_t,rhgb_tmpfs_t,rhgb_tmpfs_t)
-manage_files_pattern(rhgb_t,rhgb_tmpfs_t,rhgb_tmpfs_t)
-manage_lnk_files_pattern(rhgb_t,rhgb_tmpfs_t,rhgb_tmpfs_t)
-manage_fifo_files_pattern(rhgb_t,rhgb_tmpfs_t,rhgb_tmpfs_t)
-manage_sock_files_pattern(rhgb_t,rhgb_tmpfs_t,rhgb_tmpfs_t)
-fs_tmpfs_filetrans(rhgb_t,rhgb_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
+manage_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
+manage_lnk_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
+manage_fifo_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
+manage_sock_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
+fs_tmpfs_filetrans(rhgb_t, rhgb_tmpfs_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(rhgb_t)
kernel_read_system_state(rhgb_t)
diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if
index be4d466..9f3641b 100644
--- a/policy/modules/services/ricci.if
+++ b/policy/modules/services/ricci.if
@@ -15,7 +15,7 @@ interface(`ricci_domtrans',`
type ricci_t, ricci_exec_t;
')
- domtrans_pattern($1,ricci_exec_t,ricci_t)
+ domtrans_pattern($1, ricci_exec_t, ricci_t)
')
########################################
@@ -33,7 +33,7 @@ interface(`ricci_domtrans_modcluster',`
type ricci_modcluster_t, ricci_modcluster_exec_t;
')
- domtrans_pattern($1,ricci_modcluster_exec_t,ricci_modcluster_t)
+ domtrans_pattern($1, ricci_modcluster_exec_t, ricci_modcluster_t)
')
########################################
@@ -109,7 +109,7 @@ interface(`ricci_domtrans_modlog',`
type ricci_modlog_t, ricci_modlog_exec_t;
')
- domtrans_pattern($1,ricci_modlog_exec_t,ricci_modlog_t)
+ domtrans_pattern($1, ricci_modlog_exec_t, ricci_modlog_t)
')
########################################
@@ -127,7 +127,7 @@ interface(`ricci_domtrans_modrpm',`
type ricci_modrpm_t, ricci_modrpm_exec_t;
')
- domtrans_pattern($1,ricci_modrpm_exec_t,ricci_modrpm_t)
+ domtrans_pattern($1, ricci_modrpm_exec_t, ricci_modrpm_t)
')
########################################
@@ -145,7 +145,7 @@ interface(`ricci_domtrans_modservice',`
type ricci_modservice_t, ricci_modservice_exec_t;
')
- domtrans_pattern($1,ricci_modservice_exec_t,ricci_modservice_t)
+ domtrans_pattern($1, ricci_modservice_exec_t, ricci_modservice_t)
')
########################################
@@ -163,5 +163,5 @@ interface(`ricci_domtrans_modstorage',`
type ricci_modstorage_t, ricci_modstorage_exec_t;
')
- domtrans_pattern($1,ricci_modstorage_exec_t,ricci_modstorage_t)
+ domtrans_pattern($1, ricci_modstorage_exec_t, ricci_modstorage_t)
')
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
index 91371f0..dc94414 100644
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@@ -1,5 +1,5 @@
-policy_module(ricci,1.3.0)
+policy_module(ricci, 1.3.0)
########################################
#
@@ -88,33 +88,33 @@ allow ricci_t self:fifo_file { read write };
allow ricci_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow ricci_t self:tcp_socket create_stream_socket_perms;
-domain_auto_trans(ricci_t,ricci_modcluster_exec_t,ricci_modcluster_t)
-domain_auto_trans(ricci_t,ricci_modlog_exec_t,ricci_modlog_t)
-domain_auto_trans(ricci_t,ricci_modrpm_exec_t,ricci_modrpm_t)
-domain_auto_trans(ricci_t,ricci_modservice_exec_t,ricci_modservice_t)
-domain_auto_trans(ricci_t,ricci_modstorage_exec_t,ricci_modstorage_t)
+domain_auto_trans(ricci_t, ricci_modcluster_exec_t, ricci_modcluster_t)
+domain_auto_trans(ricci_t, ricci_modlog_exec_t, ricci_modlog_t)
+domain_auto_trans(ricci_t, ricci_modrpm_exec_t, ricci_modrpm_t)
+domain_auto_trans(ricci_t, ricci_modservice_exec_t, ricci_modservice_t)
+domain_auto_trans(ricci_t, ricci_modstorage_exec_t, ricci_modstorage_t)
# tmp file
-manage_dirs_pattern(ricci_t,ricci_tmp_t,ricci_tmp_t)
-manage_files_pattern(ricci_t,ricci_tmp_t,ricci_tmp_t)
+manage_dirs_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
+manage_files_pattern(ricci_t, ricci_tmp_t, ricci_tmp_t)
files_tmp_filetrans(ricci_t, ricci_tmp_t, { file dir })
# var/lib files for ricci
-manage_dirs_pattern(ricci_t,ricci_var_lib_t,ricci_var_lib_t)
-manage_files_pattern(ricci_t,ricci_var_lib_t,ricci_var_lib_t)
-manage_sock_files_pattern(ricci_t,ricci_var_lib_t,ricci_var_lib_t)
-files_var_lib_filetrans(ricci_t,ricci_var_lib_t, { file dir sock_file })
+manage_dirs_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
+manage_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
+manage_sock_files_pattern(ricci_t, ricci_var_lib_t, ricci_var_lib_t)
+files_var_lib_filetrans(ricci_t, ricci_var_lib_t, { file dir sock_file })
# log files
allow ricci_t ricci_var_log_t:dir setattr;
-manage_files_pattern(ricci_t,ricci_var_log_t,ricci_var_log_t)
-manage_sock_files_pattern(ricci_t,ricci_var_log_t,ricci_var_log_t)
-logging_log_filetrans(ricci_t,ricci_var_log_t,{ sock_file file dir })
+manage_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
+manage_sock_files_pattern(ricci_t, ricci_var_log_t, ricci_var_log_t)
+logging_log_filetrans(ricci_t, ricci_var_log_t, { sock_file file dir })
# pid file
-manage_files_pattern(ricci_t,ricci_var_run_t,ricci_var_run_t)
-manage_sock_files_pattern(ricci_t,ricci_var_run_t,ricci_var_run_t)
-files_pid_filetrans(ricci_t,ricci_var_run_t, { file sock_file })
+manage_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
+manage_sock_files_pattern(ricci_t, ricci_var_run_t, ricci_var_run_t)
+files_pid_filetrans(ricci_t, ricci_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(ricci_t)
@@ -158,7 +158,7 @@ optional_policy(`
')
optional_policy(`
- dbus_system_bus_client_template(ricci,ricci_t)
+ dbus_system_bus_client_template(ricci, ricci_t)
oddjob_dbus_chat(ricci_t)
')
@@ -273,14 +273,14 @@ allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
# log files
allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr;
-manage_files_pattern(ricci_modclusterd_t,ricci_modcluster_var_log_t,ricci_modcluster_var_log_t)
-manage_sock_files_pattern(ricci_modclusterd_t,ricci_modcluster_var_log_t,ricci_modcluster_var_log_t)
-logging_log_filetrans(ricci_modclusterd_t,ricci_modcluster_var_log_t,{ sock_file file dir })
+manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
+manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_log_t, ricci_modcluster_var_log_t)
+logging_log_filetrans(ricci_modclusterd_t, ricci_modcluster_var_log_t, { sock_file file dir })
# pid file
-manage_files_pattern(ricci_modclusterd_t,ricci_modcluster_var_run_t,ricci_modcluster_var_run_t)
-manage_sock_files_pattern(ricci_modclusterd_t,ricci_modcluster_var_run_t,ricci_modcluster_var_run_t)
-files_pid_filetrans(ricci_modclusterd_t,ricci_modcluster_var_run_t, { file sock_file })
+manage_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
+manage_sock_files_pattern(ricci_modclusterd_t, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t)
+files_pid_filetrans(ricci_modclusterd_t, ricci_modcluster_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(ricci_modclusterd_t)
kernel_read_system_state(ricci_modclusterd_t)
@@ -440,8 +440,8 @@ allow ricci_modstorage_t self:unix_dgram_socket create_socket_perms;
kernel_read_kernel_sysctls(ricci_modstorage_t)
kernel_read_system_state(ricci_modstorage_t)
-create_files_pattern(ricci_modstorage_t,ricci_modstorage_lock_t,ricci_modstorage_lock_t)
-files_lock_filetrans(ricci_modstorage_t,ricci_modstorage_lock_t,file)
+create_files_pattern(ricci_modstorage_t, ricci_modstorage_lock_t, ricci_modstorage_lock_t)
+files_lock_filetrans(ricci_modstorage_t, ricci_modstorage_lock_t, file)
corecmd_exec_bin(ricci_modstorage_t)
diff --git a/policy/modules/services/rlogin.if b/policy/modules/services/rlogin.if
index 98f7016..d111a6f 100644
--- a/policy/modules/services/rlogin.if
+++ b/policy/modules/services/rlogin.if
@@ -16,5 +16,5 @@ interface(`rlogin_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,rlogind_exec_t,rlogind_t)
+ domtrans_pattern($1, rlogind_exec_t, rlogind_t)
')
diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te
index ab4efc7..4f7b6ee 100644
--- a/policy/modules/services/rlogin.te
+++ b/policy/modules/services/rlogin.te
@@ -34,7 +34,7 @@ allow rlogind_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow rlogind_t self:capability { setuid setgid };
allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(rlogind_t,rlogind_devpts_t)
+term_create_pty(rlogind_t, rlogind_devpts_t)
# for /usr/lib/telnetlogin
can_exec(rlogind_t, rlogind_exec_t)
diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te
index 9cd5681..4992c5b 100644
--- a/policy/modules/services/roundup.te
+++ b/policy/modules/services/roundup.te
@@ -8,7 +8,7 @@ policy_module(roundup, 1.5.0)
type roundup_t;
type roundup_exec_t;
-init_daemon_domain(roundup_t,roundup_exec_t)
+init_daemon_domain(roundup_t, roundup_exec_t)
type roundup_var_run_t;
files_pid_file(roundup_var_run_t)
@@ -28,11 +28,11 @@ allow roundup_t self:unix_stream_socket create_stream_socket_perms;
allow roundup_t self:tcp_socket create_stream_socket_perms;
allow roundup_t self:udp_socket create_socket_perms;
-manage_files_pattern(roundup_t,roundup_var_lib_t,roundup_var_lib_t)
-files_var_lib_filetrans(roundup_t,roundup_var_lib_t,file)
+manage_files_pattern(roundup_t, roundup_var_lib_t, roundup_var_lib_t)
+files_var_lib_filetrans(roundup_t, roundup_var_lib_t, file)
-manage_files_pattern(roundup_t,roundup_var_run_t,roundup_var_run_t)
-files_pid_filetrans(roundup_t,roundup_var_run_t,file)
+manage_files_pattern(roundup_t, roundup_var_run_t, roundup_var_run_t)
+files_pid_filetrans(roundup_t, roundup_var_run_t, file)
kernel_read_kernel_sysctls(roundup_t)
kernel_list_proc(roundup_t)
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
index b082a84..961bb7b 100644
--- a/policy/modules/services/rpc.if
+++ b/policy/modules/services/rpc.if
@@ -40,7 +40,7 @@ template(`rpc_domain_template', `
type $1_t;
type $1_exec_t;
- init_daemon_domain($1_t,$1_exec_t)
+ init_daemon_domain($1_t, $1_exec_t)
domain_use_interactive_fds($1_t)
####################################
@@ -56,8 +56,8 @@ template(`rpc_domain_template', `
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
- manage_dirs_pattern($1_t,var_lib_nfs_t,var_lib_nfs_t)
- manage_files_pattern($1_t,var_lib_nfs_t,var_lib_nfs_t)
+ manage_dirs_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
+ manage_files_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
kernel_list_proc($1_t)
kernel_read_proc_symlinks($1_t)
@@ -203,7 +203,7 @@ interface(`rpc_domtrans_nfsd',`
type nfsd_t, nfsd_exec_t;
')
- domtrans_pattern($1,nfsd_exec_t,nfsd_t)
+ domtrans_pattern($1, nfsd_exec_t, nfsd_t)
')
########################################
@@ -243,9 +243,9 @@ interface(`rpc_manage_nfs_rw_content',`
type nfsd_rw_t;
')
- manage_dirs_pattern($1,nfsd_rw_t,nfsd_rw_t)
- manage_files_pattern($1,nfsd_rw_t,nfsd_rw_t)
- manage_lnk_files_pattern($1,nfsd_rw_t,nfsd_rw_t)
+ manage_dirs_pattern($1, nfsd_rw_t, nfsd_rw_t)
+ manage_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
+ manage_lnk_files_pattern($1, nfsd_rw_t, nfsd_rw_t)
')
########################################
@@ -264,9 +264,9 @@ interface(`rpc_manage_nfs_ro_content',`
type nfsd_ro_t;
')
- manage_dirs_pattern($1,nfsd_ro_t,nfsd_ro_t)
- manage_files_pattern($1,nfsd_ro_t,nfsd_ro_t)
- manage_lnk_files_pattern($1,nfsd_ro_t,nfsd_ro_t)
+ manage_dirs_pattern($1, nfsd_ro_t, nfsd_ro_t)
+ manage_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
+ manage_lnk_files_pattern($1, nfsd_ro_t, nfsd_ro_t)
')
########################################
@@ -336,5 +336,5 @@ interface(`rpc_read_nfs_state_data',`
')
files_search_var_lib($1)
- read_files_pattern($1,var_lib_nfs_t,var_lib_nfs_t)
+ read_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index 63cf26f..f35086c 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.8.0)
+policy_module(rpc, 1.8.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(rpc,1.8.0)
## Allow gssd to read temp directory. For access to kerberos tgt.
##
##
-gen_tunable(allow_gssd_read_tmp,true)
+gen_tunable(allow_gssd_read_tmp, true)
##
##
@@ -20,7 +20,7 @@ gen_tunable(allow_gssd_read_tmp,true)
## labeled public_content_rw_t.
##
##
-gen_tunable(allow_nfsd_anon_write,false)
+gen_tunable(allow_nfsd_anon_write, false)
type exports_t;
files_type(exports_t)
@@ -57,8 +57,8 @@ allow rpcd_t self:capability { chown dac_override setgid setuid };
allow rpcd_t self:fifo_file rw_fifo_file_perms;
allow rpcd_t rpcd_var_run_t:dir setattr;
-manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
-files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
+manage_files_pattern(rpcd_t, rpcd_var_run_t, rpcd_var_run_t)
+files_pid_filetrans(rpcd_t, rpcd_var_run_t, file)
# rpc.statd executes sm-notify
can_exec(rpcd_t, rpcd_exec_t)
@@ -145,8 +145,8 @@ allow gssd_t self:capability { dac_override dac_read_search setuid sys_nice };
allow gssd_t self:process { getsched setsched };
allow gssd_t self:fifo_file rw_file_perms;
-manage_dirs_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
-manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
+manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
+manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
kernel_read_network_state(gssd_t)
diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if
index 5271eb7..7a74f11 100644
--- a/policy/modules/services/rpcbind.if
+++ b/policy/modules/services/rpcbind.if
@@ -15,7 +15,7 @@ interface(`rpcbind_domtrans',`
type rpcbind_t, rpcbind_exec_t;
')
- domtrans_pattern($1,rpcbind_exec_t,rpcbind_t)
+ domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
')
########################################
@@ -72,7 +72,7 @@ interface(`rpcbind_read_lib_files',`
type rpcbind_var_lib_t;
')
- read_files_pattern($1,rpcbind_var_lib_t,rpcbind_var_lib_t)
+ read_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
files_search_var_lib($1)
')
@@ -92,6 +92,6 @@ interface(`rpcbind_manage_lib_files',`
type rpcbind_var_lib_t;
')
- manage_files_pattern($1,rpcbind_var_lib_t,rpcbind_var_lib_t)
+ manage_files_pattern($1, rpcbind_var_lib_t, rpcbind_var_lib_t)
files_search_var_lib($1)
')
diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te
index 9187944..c2a2ae1 100644
--- a/policy/modules/services/rpcbind.te
+++ b/policy/modules/services/rpcbind.te
@@ -1,5 +1,5 @@
-policy_module(rpcbind,1.1.0)
+policy_module(rpcbind, 1.1.0)
########################################
#
@@ -28,14 +28,14 @@ allow rpcbind_t self:netlink_route_socket r_netlink_socket_perms;
allow rpcbind_t self:udp_socket create_socket_perms;
allow rpcbind_t self:tcp_socket create_stream_socket_perms;
-manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t)
-manage_sock_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t)
-files_pid_filetrans(rpcbind_t,rpcbind_var_run_t, { file sock_file })
+manage_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
+manage_sock_files_pattern(rpcbind_t, rpcbind_var_run_t, rpcbind_var_run_t)
+files_pid_filetrans(rpcbind_t, rpcbind_var_run_t, { file sock_file })
-manage_dirs_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t)
-manage_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t)
-manage_sock_files_pattern(rpcbind_t,rpcbind_var_lib_t,rpcbind_var_lib_t)
-files_var_lib_filetrans(rpcbind_t,rpcbind_var_lib_t, { file dir sock_file })
+manage_dirs_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
+manage_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
+manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
+files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
kernel_read_network_state(rpcbind_t)
diff --git a/policy/modules/services/rshd.if b/policy/modules/services/rshd.if
index 2e7daee..e422af6 100644
--- a/policy/modules/services/rshd.if
+++ b/policy/modules/services/rshd.if
@@ -17,5 +17,5 @@ interface(`rshd_domtrans',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,rshd_exec_t,rshd_t)
+ domtrans_pattern($1, rshd_exec_t, rshd_t)
')
diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te
index bf1b516..9e0ca3b 100644
--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@@ -1,5 +1,5 @@
-policy_module(rshd,1.5.0)
+policy_module(rshd, 1.5.0)
########################################
#
@@ -81,7 +81,7 @@ optional_policy(`
')
optional_policy(`
- tcpd_wrapped_domain(rshd_t,rshd_exec_t)
+ tcpd_wrapped_domain(rshd_t, rshd_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if
index af9ff01..a363a9a 100644
--- a/policy/modules/services/rsync.if
+++ b/policy/modules/services/rsync.if
@@ -16,7 +16,7 @@ interface(`rsync_entry_type',`
type rsync_exec_t;
')
- domain_entry_file($1,rsync_exec_t)
+ domain_entry_file($1, rsync_exec_t)
')
########################################
@@ -49,7 +49,7 @@ interface(`rsync_entry_spec_domtrans',`
type rsync_exec_t;
')
- domain_trans($1,rsync_exec_t,$2)
+ domain_trans($1, rsync_exec_t, $2)
')
########################################
@@ -82,7 +82,7 @@ interface(`rsync_entry_domtrans',`
type rsync_exec_t;
')
- domain_auto_trans($1,rsync_exec_t,$2)
+ domain_auto_trans($1, rsync_exec_t, $2)
')
########################################
@@ -101,5 +101,5 @@ interface(`rsync_exec',`
type rsync_exec_t;
')
- can_exec($1,rsync_exec_t)
+ can_exec($1, rsync_exec_t)
')
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
index a81d457..371d6bc 100644
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@@ -1,5 +1,5 @@
-policy_module(rsync,1.6.0)
+policy_module(rsync, 1.6.0)
########################################
#
@@ -11,7 +11,7 @@ policy_module(rsync,1.6.0)
## Allow rsync to export any files/directories read only.
##
##
-gen_tunable(rsync_export_all_ro,false)
+gen_tunable(rsync_export_all_ro, false)
##
##
@@ -20,11 +20,11 @@ gen_tunable(rsync_export_all_ro,false)
## labeled public_content_rw_t.
##
##
-gen_tunable(allow_rsync_anon_write,false)
+gen_tunable(allow_rsync_anon_write, false)
type rsync_t;
type rsync_exec_t;
-init_daemon_domain(rsync_t,rsync_exec_t)
+init_daemon_domain(rsync_t, rsync_exec_t)
application_executable_file(rsync_exec_t)
role system_r types rsync_t;
@@ -56,15 +56,15 @@ allow rsync_t self:capability { setuid setgid };
#end for identd
allow rsync_t rsync_data_t:dir list_dir_perms;
-read_files_pattern(rsync_t,rsync_data_t,rsync_data_t)
-read_lnk_files_pattern(rsync_t,rsync_data_t,rsync_data_t)
+read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
+read_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
-manage_dirs_pattern(rsync_t,rsync_tmp_t,rsync_tmp_t)
-manage_files_pattern(rsync_t,rsync_tmp_t,rsync_tmp_t)
+manage_dirs_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
+manage_files_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
-manage_files_pattern(rsync_t,rsync_var_run_t,rsync_var_run_t)
-files_pid_filetrans(rsync_t,rsync_var_run_t,file)
+manage_files_pattern(rsync_t, rsync_var_run_t, rsync_var_run_t)
+files_pid_filetrans(rsync_t, rsync_var_run_t, file)
kernel_read_kernel_sysctls(rsync_t)
kernel_read_system_state(rsync_t)
@@ -113,7 +113,7 @@ optional_policy(`
')
optional_policy(`
- inetd_service_domain(rsync_t,rsync_exec_t)
+ inetd_service_domain(rsync_t, rsync_exec_t)
')
tunable_policy(`rsync_export_all_ro',`
diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if
index d177de4..523086e 100644
--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@@ -15,7 +15,7 @@ interface(`rwho_domtrans',`
type rwho_t, rwho_exec_t;
')
- domtrans_pattern($1,rwho_exec_t,rwho_t)
+ domtrans_pattern($1, rwho_exec_t, rwho_t)
')
########################################
@@ -92,7 +92,7 @@ interface(`rwho_read_spool_files',`
type rwho_spool_t;
')
- read_files_pattern($1,rwho_spool_t,rwho_spool_t)
+ read_files_pattern($1, rwho_spool_t, rwho_spool_t)
files_search_spool($1)
')
diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te
index a708be7..21c9fd2 100644
--- a/policy/modules/services/rwho.te
+++ b/policy/modules/services/rwho.te
@@ -1,5 +1,5 @@
-policy_module(rwho,1.4.0)
+policy_module(rwho, 1.4.0)
########################################
#
@@ -33,7 +33,7 @@ logging_log_filetrans(rwho_t, rwho_log_t, { file dir })
allow rwho_t rwho_spool_t:dir manage_dir_perms;
allow rwho_t rwho_spool_t:file manage_file_perms;
-files_spool_filetrans(rwho_t,rwho_spool_t, { file dir })
+files_spool_filetrans(rwho_t, rwho_spool_t, { file dir })
kernel_read_system_state(rwho_t)
diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if
index 9495ac0..b632cb4 100644
--- a/policy/modules/services/samba.if
+++ b/policy/modules/services/samba.if
@@ -33,12 +33,12 @@ template(`samba_per_role_template',`
')
tunable_policy(`samba_enable_home_dirs',`
- userdom_manage_user_home_content_dirs($1,smbd_t)
- userdom_manage_user_home_content_files($1,smbd_t)
- userdom_manage_user_home_content_symlinks($1,smbd_t)
- userdom_manage_user_home_content_sockets($1,smbd_t)
- userdom_manage_user_home_content_pipes($1,smbd_t)
- userdom_user_home_dir_filetrans_user_home_content($1,smbd_t,{ dir file lnk_file sock_file fifo_file })
+ userdom_manage_user_home_content_dirs($1, smbd_t)
+ userdom_manage_user_home_content_files($1, smbd_t)
+ userdom_manage_user_home_content_symlinks($1, smbd_t)
+ userdom_manage_user_home_content_sockets($1, smbd_t)
+ userdom_manage_user_home_content_pipes($1, smbd_t)
+ userdom_user_home_dir_filetrans_user_home_content($1, smbd_t, { dir file lnk_file sock_file fifo_file })
')
')
@@ -58,7 +58,7 @@ interface(`samba_domtrans_net',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,samba_net_exec_t,samba_net_t)
+ domtrans_pattern($1, samba_net_exec_t, samba_net_t)
')
########################################
@@ -109,7 +109,7 @@ interface(`samba_domtrans_smbmount',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,smbmount_exec_t,smbmount_t)
+ domtrans_pattern($1, smbmount_exec_t, smbmount_t)
')
########################################
@@ -162,7 +162,7 @@ interface(`samba_read_config',`
')
files_search_etc($1)
- read_files_pattern($1,samba_etc_t,samba_etc_t)
+ read_files_pattern($1, samba_etc_t, samba_etc_t)
')
########################################
@@ -183,7 +183,7 @@ interface(`samba_rw_config',`
')
files_search_etc($1)
- rw_files_pattern($1,samba_etc_t,samba_etc_t)
+ rw_files_pattern($1, samba_etc_t, samba_etc_t)
')
########################################
@@ -204,7 +204,7 @@ interface(`samba_read_log',`
logging_search_logs($1)
allow $1 samba_log_t:dir list_dir_perms;
- read_files_pattern($1,samba_log_t,samba_log_t)
+ read_files_pattern($1, samba_log_t, samba_log_t)
')
########################################
@@ -244,7 +244,7 @@ interface(`samba_exec_log',`
')
logging_search_logs($1)
- can_exec($1,samba_log_t)
+ can_exec($1, samba_log_t)
')
########################################
@@ -305,7 +305,7 @@ interface(`samba_read_var_files',`
files_search_var($1)
files_search_var_lib($1)
- read_files_pattern($1,samba_var_t,samba_var_t)
+ read_files_pattern($1, samba_var_t, samba_var_t)
')
########################################
@@ -326,7 +326,7 @@ interface(`samba_rw_var_files',`
files_search_var($1)
files_search_var_lib($1)
- rw_files_pattern($1,samba_var_t,samba_var_t)
+ rw_files_pattern($1, samba_var_t, samba_var_t)
')
########################################
@@ -347,7 +347,7 @@ interface(`samba_manage_var_files',`
files_search_var($1)
files_search_var_lib($1)
- manage_files_pattern($1,samba_var_t,samba_var_t)
+ manage_files_pattern($1, samba_var_t, samba_var_t)
')
########################################
@@ -419,7 +419,7 @@ interface(`samba_domtrans_winbind_helper',`
type winbind_helper_t, winbind_helper_exec_t;
')
- domtrans_pattern($1,winbind_helper_exec_t,winbind_helper_t)
+ domtrans_pattern($1, winbind_helper_exec_t, winbind_helper_t)
')
########################################
@@ -491,7 +491,7 @@ interface(`samba_stream_connect_winbind',`
files_search_pids($1)
allow $1 samba_var_t:dir search_dir_perms;
- stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t)
+ stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
',`
gen_require(`
type winbind_t, winbind_tmp_t;
@@ -500,6 +500,6 @@ interface(`samba_stream_connect_winbind',`
# the default for the socket is (poorly named):
# /tmp/.winbindd/pipe
files_search_tmp($1)
- stream_connect_pattern($1,winbind_tmp_t,winbind_tmp_t,winbind_t)
+ stream_connect_pattern($1, winbind_tmp_t, winbind_tmp_t, winbind_t)
')
')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 587dd58..a6ba34a 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -13,7 +13,7 @@ policy_module(samba, 1.9.0)
## public_content_rw_t.
##
##
-gen_tunable(allow_smbd_anon_write,false)
+gen_tunable(allow_smbd_anon_write, false)
##
##
@@ -22,46 +22,46 @@ gen_tunable(allow_smbd_anon_write,false)
##
##
##
-gen_tunable(samba_domain_controller,false)
+gen_tunable(samba_domain_controller, false)
##
##
## Allow samba to share users home directories.
##
##
-gen_tunable(samba_enable_home_dirs,false)
+gen_tunable(samba_enable_home_dirs, false)
##
##
## Allow samba to share any file/directory read only.
##
##
-gen_tunable(samba_export_all_ro,false)
+gen_tunable(samba_export_all_ro, false)
##
##
## Allow samba to share any file/directory read/write.
##
##
-gen_tunable(samba_export_all_rw,false)
+gen_tunable(samba_export_all_rw, false)
##
##
## Allow samba to run unconfined scripts
##
##
-gen_tunable(samba_run_unconfined,false)
+gen_tunable(samba_run_unconfined, false)
##
##
## Allow samba to export NFS volumes.
##
##
-gen_tunable(samba_share_nfs,false)
+gen_tunable(samba_share_nfs, false)
type nmbd_t;
type nmbd_exec_t;
-init_daemon_domain(nmbd_t,nmbd_exec_t)
+init_daemon_domain(nmbd_t, nmbd_exec_t)
type nmbd_var_run_t;
files_pid_file(nmbd_var_run_t)
@@ -77,7 +77,7 @@ domain_type(samba_net_t)
role system_r types samba_net_t;
type samba_net_exec_t;
-domain_entry_file(samba_net_t,samba_net_exec_t)
+domain_entry_file(samba_net_t, samba_net_exec_t)
type samba_net_tmp_t;
files_tmp_file(samba_net_tmp_t)
@@ -93,7 +93,7 @@ files_type(samba_var_t)
type smbd_t;
type smbd_exec_t;
-init_daemon_domain(smbd_t,smbd_exec_t)
+init_daemon_domain(smbd_t, smbd_exec_t)
type smbd_tmp_t;
files_tmp_file(smbd_tmp_t)
@@ -105,12 +105,12 @@ type smbmount_t;
domain_type(smbmount_t)
type smbmount_exec_t;
-domain_entry_file(smbmount_t,smbmount_exec_t)
+domain_entry_file(smbmount_t, smbmount_exec_t)
type swat_t;
type swat_exec_t;
domain_type(swat_t)
-domain_entry_file(swat_t,swat_exec_t)
+domain_entry_file(swat_t, swat_exec_t)
role system_r types swat_t;
type swat_tmp_t;
@@ -121,14 +121,14 @@ files_pid_file(swat_var_run_t)
type winbind_t;
type winbind_exec_t;
-init_daemon_domain(winbind_t,winbind_exec_t)
+init_daemon_domain(winbind_t, winbind_exec_t)
type winbind_helper_t;
domain_type(winbind_helper_t)
role system_r types winbind_helper_t;
type winbind_helper_exec_t;
-domain_entry_file(winbind_helper_t,winbind_helper_exec_t)
+domain_entry_file(winbind_helper_t, winbind_helper_exec_t)
type winbind_log_t;
logging_log_file(winbind_log_t)
@@ -151,16 +151,16 @@ allow samba_net_t self:tcp_socket create_socket_perms;
allow samba_net_t samba_etc_t:file read_file_perms;
-manage_files_pattern(samba_net_t,samba_etc_t,samba_secrets_t)
-filetrans_pattern(samba_net_t,samba_etc_t,samba_secrets_t,file)
+manage_files_pattern(samba_net_t, samba_etc_t, samba_secrets_t)
+filetrans_pattern(samba_net_t, samba_etc_t, samba_secrets_t, file)
-manage_dirs_pattern(samba_net_t,samba_net_tmp_t,samba_net_tmp_t)
-manage_files_pattern(samba_net_t,samba_net_tmp_t,samba_net_tmp_t)
+manage_dirs_pattern(samba_net_t, samba_net_tmp_t, samba_net_tmp_t)
+manage_files_pattern(samba_net_t, samba_net_tmp_t, samba_net_tmp_t)
files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
allow samba_net_t samba_var_t:dir rw_dir_perms;
-manage_files_pattern(samba_net_t,samba_var_t,samba_var_t)
-manage_lnk_files_pattern(samba_net_t,samba_var_t,samba_var_t)
+manage_files_pattern(samba_net_t, samba_var_t, samba_var_t)
+manage_lnk_files_pattern(samba_net_t, samba_var_t, samba_var_t)
kernel_read_proc_symlinks(samba_net_t)
@@ -221,35 +221,35 @@ allow smbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow smbd_t samba_etc_t:file { rw_file_perms setattr };
-create_dirs_pattern(smbd_t,samba_log_t,samba_log_t)
-manage_files_pattern(smbd_t,samba_log_t,samba_log_t)
+create_dirs_pattern(smbd_t, samba_log_t, samba_log_t)
+manage_files_pattern(smbd_t, samba_log_t, samba_log_t)
allow smbd_t samba_log_t:dir setattr;
dontaudit smbd_t samba_log_t:dir remove_name;
allow smbd_t samba_net_tmp_t:file getattr;
-manage_files_pattern(smbd_t,samba_secrets_t,samba_secrets_t)
-filetrans_pattern(smbd_t,samba_etc_t,samba_secrets_t,file)
+manage_files_pattern(smbd_t, samba_secrets_t, samba_secrets_t)
+filetrans_pattern(smbd_t, samba_etc_t, samba_secrets_t, file)
-manage_dirs_pattern(smbd_t,samba_share_t,samba_share_t)
-manage_files_pattern(smbd_t,samba_share_t,samba_share_t)
-manage_lnk_files_pattern(smbd_t,samba_share_t,samba_share_t)
+manage_dirs_pattern(smbd_t, samba_share_t, samba_share_t)
+manage_files_pattern(smbd_t, samba_share_t, samba_share_t)
+manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t)
-manage_dirs_pattern(smbd_t,samba_var_t,samba_var_t)
-manage_files_pattern(smbd_t,samba_var_t,samba_var_t)
-manage_lnk_files_pattern(smbd_t,samba_var_t,samba_var_t)
-manage_sock_files_pattern(smbd_t,samba_var_t,samba_var_t)
+manage_dirs_pattern(smbd_t, samba_var_t, samba_var_t)
+manage_files_pattern(smbd_t, samba_var_t, samba_var_t)
+manage_lnk_files_pattern(smbd_t, samba_var_t, samba_var_t)
+manage_sock_files_pattern(smbd_t, samba_var_t, samba_var_t)
-manage_dirs_pattern(smbd_t,smbd_tmp_t,smbd_tmp_t)
-manage_files_pattern(smbd_t,smbd_tmp_t,smbd_tmp_t)
+manage_dirs_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
+manage_files_pattern(smbd_t, smbd_tmp_t, smbd_tmp_t)
files_tmp_filetrans(smbd_t, smbd_tmp_t, { file dir })
allow smbd_t nmbd_var_run_t:file rw_file_perms;
-manage_dirs_pattern(smbd_t,smbd_var_run_t,smbd_var_run_t)
-manage_files_pattern(smbd_t,smbd_var_run_t,smbd_var_run_t)
-manage_sock_files_pattern(smbd_t,smbd_var_run_t,smbd_var_run_t)
-files_pid_filetrans(smbd_t,smbd_var_run_t,file)
+manage_dirs_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
+manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
+manage_sock_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
+files_pid_filetrans(smbd_t, smbd_var_run_t, file)
allow smbd_t winbind_var_run_t:sock_file { read write getattr };
@@ -398,20 +398,20 @@ allow nmbd_t self:udp_socket create_socket_perms;
allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-manage_files_pattern(nmbd_t,nmbd_var_run_t,nmbd_var_run_t)
-files_pid_filetrans(nmbd_t,nmbd_var_run_t,file)
+manage_files_pattern(nmbd_t, nmbd_var_run_t, nmbd_var_run_t)
+files_pid_filetrans(nmbd_t, nmbd_var_run_t, file)
-read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t)
+read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
-manage_dirs_pattern(nmbd_t,samba_log_t,samba_log_t)
-append_files_pattern(nmbd_t,samba_log_t,samba_log_t)
+manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t)
+append_files_pattern(nmbd_t, samba_log_t, samba_log_t)
allow nmbd_t samba_log_t:file unlink;
-read_files_pattern(nmbd_t,samba_log_t,samba_log_t)
-create_files_pattern(nmbd_t,samba_log_t,samba_log_t)
+read_files_pattern(nmbd_t, samba_log_t, samba_log_t)
+create_files_pattern(nmbd_t, samba_log_t, samba_log_t)
allow nmbd_t samba_log_t:dir setattr;
-manage_files_pattern(nmbd_t,samba_var_t,samba_var_t)
+manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
@@ -493,8 +493,8 @@ allow smbmount_t samba_log_t:file manage_file_perms;
allow smbmount_t samba_secrets_t:file manage_file_perms;
-manage_files_pattern(smbmount_t,samba_var_t,samba_var_t)
-manage_lnk_files_pattern(smbmount_t,samba_var_t,samba_var_t)
+manage_files_pattern(smbmount_t, samba_var_t, samba_var_t)
+manage_lnk_files_pattern(smbmount_t, samba_var_t, samba_var_t)
files_list_var_lib(smbmount_t)
kernel_read_system_state(smbmount_t)
@@ -562,9 +562,9 @@ allow swat_t self:udp_socket create_socket_perms;
allow swat_t nmbd_exec_t:file { execute read };
-rw_files_pattern(swat_t,samba_etc_t,samba_etc_t)
+rw_files_pattern(swat_t, samba_etc_t, samba_etc_t)
-append_files_pattern(swat_t,samba_log_t,samba_log_t)
+append_files_pattern(swat_t, samba_log_t, samba_log_t)
allow swat_t smbd_exec_t:file execute ;
@@ -572,12 +572,12 @@ allow swat_t smbd_t:process signull;
allow swat_t smbd_var_run_t:file read;
-manage_dirs_pattern(swat_t,swat_tmp_t,swat_tmp_t)
-manage_files_pattern(swat_t,swat_tmp_t,swat_tmp_t)
+manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t)
+manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t)
files_tmp_filetrans(swat_t, swat_tmp_t, { file dir })
-manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t)
-files_pid_filetrans(swat_t,swat_var_run_t,file)
+manage_files_pattern(swat_t, swat_var_run_t, swat_var_run_t)
+files_pid_filetrans(swat_t, swat_var_run_t, file)
allow swat_t winbind_exec_t:file execute;
@@ -626,7 +626,7 @@ optional_policy(`
')
optional_policy(`
- inetd_service_domain(swat_t,swat_exec_t)
+ inetd_service_domain(swat_t, swat_exec_t)
')
optional_policy(`
@@ -653,33 +653,33 @@ allow winbind_t nmbd_t:process { signal signull };
allow winbind_t nmbd_var_run_t:file read_file_perms;
allow winbind_t samba_etc_t:dir list_dir_perms;
-read_files_pattern(winbind_t,samba_etc_t,samba_etc_t)
-read_lnk_files_pattern(winbind_t,samba_etc_t,samba_etc_t)
+read_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
+read_lnk_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
-manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t)
-filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file)
+manage_files_pattern(winbind_t, samba_etc_t, samba_secrets_t)
+filetrans_pattern(winbind_t, samba_etc_t, samba_secrets_t, file)
-manage_dirs_pattern(winbind_t,samba_log_t,samba_log_t)
-manage_files_pattern(winbind_t,samba_log_t,samba_log_t)
-manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t)
+manage_dirs_pattern(winbind_t, samba_log_t, samba_log_t)
+manage_files_pattern(winbind_t, samba_log_t, samba_log_t)
+manage_lnk_files_pattern(winbind_t, samba_log_t, samba_log_t)
-manage_dirs_pattern(winbind_t,samba_var_t,samba_var_t)
-manage_files_pattern(winbind_t,samba_var_t,samba_var_t)
-manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t)
+manage_dirs_pattern(winbind_t, samba_var_t, samba_var_t)
+manage_files_pattern(winbind_t, samba_var_t, samba_var_t)
+manage_lnk_files_pattern(winbind_t, samba_var_t, samba_var_t)
files_list_var_lib(winbind_t)
-rw_files_pattern(winbind_t,smbd_tmp_t,smbd_tmp_t)
+rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
allow winbind_t winbind_log_t:file manage_file_perms;
logging_log_filetrans(winbind_t,winbind_log_t,file)
-manage_dirs_pattern(winbind_t,winbind_tmp_t,winbind_tmp_t)
-manage_files_pattern(winbind_t,winbind_tmp_t,winbind_tmp_t)
+manage_dirs_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
+manage_files_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
files_tmp_filetrans(winbind_t, winbind_tmp_t, { file dir })
-manage_files_pattern(winbind_t,winbind_var_run_t,winbind_var_run_t)
-manage_sock_files_pattern(winbind_t,winbind_var_run_t,winbind_var_run_t)
-files_pid_filetrans(winbind_t,winbind_var_run_t,file)
+manage_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
+manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
+files_pid_filetrans(winbind_t, winbind_var_run_t, file)
kernel_read_kernel_sysctls(winbind_t)
kernel_list_proc(winbind_t)
@@ -745,13 +745,13 @@ allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
allow winbind_helper_t samba_etc_t:dir list_dir_perms;
-read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
-read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
+read_files_pattern(winbind_helper_t, samba_etc_t, samba_etc_t)
+read_lnk_files_pattern(winbind_helper_t, samba_etc_t, samba_etc_t)
allow winbind_helper_t samba_var_t:dir search;
files_list_var_lib(winbind_helper_t)
-stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
+stream_connect_pattern(winbind_helper_t, winbind_var_run_t, winbind_var_run_t, winbind_t)
term_list_ptys(winbind_helper_t)
@@ -780,7 +780,7 @@ optional_policy(`
type samba_unconfined_script_t;
type samba_unconfined_script_exec_t;
domain_type(samba_unconfined_script_t)
- domain_entry_file(samba_unconfined_script_t,samba_unconfined_script_exec_t)
+ domain_entry_file(samba_unconfined_script_t, samba_unconfined_script_exec_t)
corecmd_shell_entry_type(samba_unconfined_script_t)
role system_r types samba_unconfined_script_t;
diff --git a/policy/modules/services/sasl.if b/policy/modules/services/sasl.if
index b157ca5..90fb069 100644
--- a/policy/modules/services/sasl.if
+++ b/policy/modules/services/sasl.if
@@ -16,7 +16,7 @@ interface(`sasl_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,saslauthd_var_run_t,saslauthd_var_run_t,saslauthd_t)
+ stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t)
')
########################################
@@ -33,9 +33,7 @@ interface(`sasl_connect',`
#
interface(`sasl_admin',`
gen_require(`
- type saslauthd_t;
- type saslauthd_tmp_t;
- type saslauthd_var_run_t;
+ type saslauthd_t, saslauthd_tmp_t, saslauthd_var_run_t;
')
allow $1 saslauthd_t:process { ptrace signal_perms getattr };
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
index e0ff009..2547e75 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -11,11 +11,11 @@ policy_module(sasl, 1.9.0)
## Allow sasl to read shadow
##
##
-gen_tunable(allow_saslauthd_read_shadow,false)
+gen_tunable(allow_saslauthd_read_shadow, false)
type saslauthd_t;
type saslauthd_exec_t;
-init_daemon_domain(saslauthd_t,saslauthd_exec_t)
+init_daemon_domain(saslauthd_t, saslauthd_exec_t)
type saslauthd_tmp_t;
files_tmp_file(saslauthd_tmp_t)
@@ -37,12 +37,12 @@ allow saslauthd_t self:unix_stream_socket create_stream_socket_perms;
allow saslauthd_t self:tcp_socket create_socket_perms;
allow saslauthd_t saslauthd_tmp_t:dir setattr;
-manage_files_pattern(saslauthd_t,saslauthd_tmp_t,saslauthd_tmp_t)
-files_tmp_filetrans(saslauthd_t,saslauthd_tmp_t,file)
+manage_files_pattern(saslauthd_t, saslauthd_tmp_t, saslauthd_tmp_t)
+files_tmp_filetrans(saslauthd_t, saslauthd_tmp_t, file)
-manage_files_pattern(saslauthd_t,saslauthd_var_run_t,saslauthd_var_run_t)
-manage_sock_files_pattern(saslauthd_t,saslauthd_var_run_t,saslauthd_var_run_t)
-files_pid_filetrans(saslauthd_t,saslauthd_var_run_t,file)
+manage_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
+manage_sock_files_pattern(saslauthd_t, saslauthd_var_run_t, saslauthd_var_run_t)
+files_pid_filetrans(saslauthd_t, saslauthd_var_run_t, file)
kernel_read_kernel_sysctls(saslauthd_t)
kernel_read_system_state(saslauthd_t)
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 9d638ca..8b58831 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -31,7 +31,7 @@ interface(`sendmail_domtrans',`
type sendmail_t;
')
- mta_sendmail_domtrans($1,sendmail_t)
+ mta_sendmail_domtrans($1, sendmail_t)
allow $1 sendmail_t:fd use;
allow sendmail_t $1:fd use;
@@ -147,5 +147,5 @@ interface(`sendmail_create_log',`
type sendmail_log_t;
')
- logging_log_filetrans($1,sendmail_log_t,file)
+ logging_log_filetrans($1, sendmail_log_t, file)
')
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 189de8b..851d252 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -34,15 +34,15 @@ allow sendmail_t self:tcp_socket create_stream_socket_perms;
allow sendmail_t self:udp_socket create_socket_perms;
allow sendmail_t sendmail_log_t:dir setattr;
-manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t)
-logging_log_filetrans(sendmail_t,sendmail_log_t,{ file dir })
+manage_files_pattern(sendmail_t, sendmail_log_t, sendmail_log_t)
+logging_log_filetrans(sendmail_t, sendmail_log_t, { file dir })
-manage_dirs_pattern(sendmail_t,sendmail_tmp_t,sendmail_tmp_t)
-manage_files_pattern(sendmail_t,sendmail_tmp_t,sendmail_tmp_t)
+manage_dirs_pattern(sendmail_t, sendmail_tmp_t, sendmail_tmp_t)
+manage_files_pattern(sendmail_t, sendmail_tmp_t, sendmail_tmp_t)
files_tmp_filetrans(sendmail_t, sendmail_tmp_t, { file dir })
allow sendmail_t sendmail_var_run_t:file manage_file_perms;
-files_pid_filetrans(sendmail_t,sendmail_var_run_t,file)
+files_pid_filetrans(sendmail_t, sendmail_var_run_t, file)
kernel_read_kernel_sysctls(sendmail_t)
# for piping mail to a command
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 2ab27b8..8b01d87 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -36,18 +36,18 @@ allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
# database files
allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
-manage_files_pattern(setroubleshootd_t,setroubleshoot_var_lib_t,setroubleshoot_var_lib_t)
-files_var_lib_filetrans(setroubleshootd_t,setroubleshoot_var_lib_t,{ file dir })
+manage_files_pattern(setroubleshootd_t, setroubleshoot_var_lib_t, setroubleshoot_var_lib_t)
+files_var_lib_filetrans(setroubleshootd_t, setroubleshoot_var_lib_t, { file dir })
# log files
allow setroubleshootd_t setroubleshoot_var_log_t:dir setattr;
-manage_files_pattern(setroubleshootd_t,setroubleshoot_var_log_t,setroubleshoot_var_log_t)
-manage_sock_files_pattern(setroubleshootd_t,setroubleshoot_var_log_t,setroubleshoot_var_log_t)
-logging_log_filetrans(setroubleshootd_t,setroubleshoot_var_log_t,{ file dir })
+manage_files_pattern(setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_log_t)
+manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_log_t, setroubleshoot_var_log_t)
+logging_log_filetrans(setroubleshootd_t, setroubleshoot_var_log_t, { file dir })
# pid file
-manage_files_pattern(setroubleshootd_t,setroubleshoot_var_run_t,setroubleshoot_var_run_t)
-manage_sock_files_pattern(setroubleshootd_t,setroubleshoot_var_run_t,setroubleshoot_var_run_t)
+manage_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
+manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
files_pid_filetrans(setroubleshootd_t,setroubleshoot_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(setroubleshootd_t)
diff --git a/policy/modules/services/slrnpull.if b/policy/modules/services/slrnpull.if
index 8ff82b3..66a80b3 100644
--- a/policy/modules/services/slrnpull.if
+++ b/policy/modules/services/slrnpull.if
@@ -36,7 +36,7 @@ interface(`slrnpull_manage_spool',`
')
files_search_spool($1)
- manage_dirs_pattern($1,slrnpull_spool_t,slrnpull_spool_t)
- manage_files_pattern($1,slrnpull_spool_t,slrnpull_spool_t)
- manage_lnk_files_pattern($1,slrnpull_spool_t,slrnpull_spool_t)
+ manage_dirs_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
+ manage_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
+ manage_lnk_files_pattern($1, slrnpull_spool_t, slrnpull_spool_t)
')
diff --git a/policy/modules/services/slrnpull.te b/policy/modules/services/slrnpull.te
index 14fce81..15f809c 100644
--- a/policy/modules/services/slrnpull.te
+++ b/policy/modules/services/slrnpull.te
@@ -8,7 +8,7 @@ policy_module(slrnpull, 1.3.0)
type slrnpull_t;
type slrnpull_exec_t;
-init_daemon_domain(slrnpull_t,slrnpull_exec_t)
+init_daemon_domain(slrnpull_t, slrnpull_exec_t)
type slrnpull_var_run_t;
files_pid_file(slrnpull_var_run_t)
@@ -28,15 +28,15 @@ dontaudit slrnpull_t self:capability sys_tty_config;
allow slrnpull_t self:process signal_perms;
allow slrnpull_t slrnpull_log_t:file manage_file_perms;
-logging_log_filetrans(slrnpull_t,slrnpull_log_t,file)
+logging_log_filetrans(slrnpull_t, slrnpull_log_t, file)
-manage_dirs_pattern(slrnpull_t,slrnpull_spool_t,slrnpull_spool_t)
-manage_files_pattern(slrnpull_t,slrnpull_spool_t,slrnpull_spool_t)
-manage_lnk_files_pattern(slrnpull_t,slrnpull_spool_t,slrnpull_spool_t)
+manage_dirs_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
+manage_files_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
+manage_lnk_files_pattern(slrnpull_t, slrnpull_spool_t, slrnpull_spool_t)
files_search_spool(slrnpull_t)
-manage_files_pattern(slrnpull_t,slrnpull_var_run_t,slrnpull_var_run_t)
-files_pid_filetrans(slrnpull_t,slrnpull_var_run_t,file)
+manage_files_pattern(slrnpull_t, slrnpull_var_run_t, slrnpull_var_run_t)
+files_pid_filetrans(slrnpull_t, slrnpull_var_run_t, file)
kernel_list_proc(slrnpull_t)
kernel_read_kernel_sysctls(slrnpull_t)
@@ -63,7 +63,7 @@ userdom_dontaudit_use_unpriv_user_fds(slrnpull_t)
sysadm_dontaudit_search_home_dirs(slrnpull_t)
optional_policy(`
- cron_system_entry(slrnpull_t,slrnpull_exec_t)
+ cron_system_entry(slrnpull_t, slrnpull_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
index f6e9cd9..6bc6573 100644
--- a/policy/modules/services/smartmon.te
+++ b/policy/modules/services/smartmon.te
@@ -8,7 +8,7 @@ policy_module(smartmon, 1.6.0)
type fsdaemon_t;
type fsdaemon_exec_t;
-init_daemon_domain(fsdaemon_t,fsdaemon_exec_t)
+init_daemon_domain(fsdaemon_t, fsdaemon_exec_t)
type fsdaemon_var_run_t;
files_pid_file(fsdaemon_var_run_t)
@@ -29,12 +29,12 @@ allow fsdaemon_t self:unix_dgram_socket create_socket_perms;
allow fsdaemon_t self:unix_stream_socket create_stream_socket_perms;
allow fsdaemon_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(fsdaemon_t,fsdaemon_tmp_t,fsdaemon_tmp_t)
-manage_files_pattern(fsdaemon_t,fsdaemon_tmp_t,fsdaemon_tmp_t)
+manage_dirs_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
+manage_files_pattern(fsdaemon_t, fsdaemon_tmp_t, fsdaemon_tmp_t)
files_tmp_filetrans(fsdaemon_t, fsdaemon_tmp_t, { file dir })
-manage_files_pattern(fsdaemon_t,fsdaemon_var_run_t,fsdaemon_var_run_t)
-files_pid_filetrans(fsdaemon_t,fsdaemon_var_run_t,file)
+manage_files_pattern(fsdaemon_t, fsdaemon_var_run_t, fsdaemon_var_run_t)
+files_pid_filetrans(fsdaemon_t, fsdaemon_var_run_t, file)
kernel_read_kernel_sysctls(fsdaemon_t)
kernel_read_software_raid_state(fsdaemon_t)
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
index 2539d93..a36c74c 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -44,8 +44,8 @@ interface(`snmp_read_snmp_var_lib_files',`
')
allow $1 snmpd_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,snmpd_var_lib_t,snmpd_var_lib_t)
- read_lnk_files_pattern($1,snmpd_var_lib_t,snmpd_var_lib_t)
+ read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
+ read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
')
########################################
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index b5979a6..4389ad9 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -7,7 +7,7 @@ policy_module(snmp, 1.8.0)
#
type snmpd_t;
type snmpd_exec_t;
-init_daemon_domain(snmpd_t,snmpd_exec_t)
+init_daemon_domain(snmpd_t, snmpd_exec_t)
type snmpd_log_t;
logging_log_file(snmpd_log_t)
@@ -33,15 +33,15 @@ allow snmpd_t self:udp_socket connected_stream_socket_perms;
allow snmpd_t snmpd_log_t:file manage_file_perms;
logging_log_filetrans(snmpd_t,snmpd_log_t,file)
-manage_dirs_pattern(snmpd_t,snmpd_var_lib_t,snmpd_var_lib_t)
-manage_files_pattern(snmpd_t,snmpd_var_lib_t,snmpd_var_lib_t)
-manage_sock_files_pattern(snmpd_t,snmpd_var_lib_t,snmpd_var_lib_t)
-files_usr_filetrans(snmpd_t,snmpd_var_lib_t,file)
-files_var_filetrans(snmpd_t,snmpd_var_lib_t,{ file dir sock_file })
-files_var_lib_filetrans(snmpd_t,snmpd_var_lib_t,file)
+manage_dirs_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
+manage_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
+manage_sock_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
+files_usr_filetrans(snmpd_t, snmpd_var_lib_t, file)
+files_var_filetrans(snmpd_t, snmpd_var_lib_t, { file dir sock_file })
+files_var_lib_filetrans(snmpd_t, snmpd_var_lib_t, file)
-manage_files_pattern(snmpd_t,snmpd_var_run_t,snmpd_var_run_t)
-files_pid_filetrans(snmpd_t,snmpd_var_run_t,file)
+manage_files_pattern(snmpd_t, snmpd_var_run_t, snmpd_var_run_t)
+files_pid_filetrans(snmpd_t, snmpd_var_run_t, file)
kernel_read_device_sysctls(snmpd_t)
kernel_read_kernel_sysctls(snmpd_t)
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index d21aa99..e3a4619 100644
--- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te
@@ -8,7 +8,7 @@ policy_module(snort, 1.5.0)
type snort_t;
type snort_exec_t;
-init_daemon_domain(snort_t,snort_exec_t)
+init_daemon_domain(snort_t, snort_exec_t)
type snort_etc_t;
files_type(snort_etc_t)
@@ -39,16 +39,16 @@ allow snort_t snort_etc_t:dir list_dir_perms;
allow snort_t snort_etc_t:file read_file_perms;
allow snort_t snort_etc_t:lnk_file { getattr read };
-manage_files_pattern(snort_t,snort_log_t,snort_log_t)
-create_dirs_pattern(snort_t,snort_log_t,snort_log_t)
-logging_log_filetrans(snort_t,snort_log_t,{ file dir })
+manage_files_pattern(snort_t, snort_log_t, snort_log_t)
+create_dirs_pattern(snort_t, snort_log_t, snort_log_t)
+logging_log_filetrans(snort_t, snort_log_t, { file dir })
-manage_dirs_pattern(snort_t,snort_tmp_t,snort_tmp_t)
-manage_files_pattern(snort_t,snort_tmp_t,snort_tmp_t)
+manage_dirs_pattern(snort_t, snort_tmp_t, snort_tmp_t)
+manage_files_pattern(snort_t, snort_tmp_t, snort_tmp_t)
files_tmp_filetrans(snort_t, snort_tmp_t, { file dir })
-manage_files_pattern(snort_t,snort_var_run_t,snort_var_run_t)
-files_pid_filetrans(snort_t,snort_var_run_t,file)
+manage_files_pattern(snort_t, snort_var_run_t, snort_var_run_t)
+files_pid_filetrans(snort_t, snort_var_run_t, file)
kernel_read_kernel_sysctls(snort_t)
kernel_list_proc(snort_t)
diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te
index a8a4863..7c41c35 100644
--- a/policy/modules/services/soundserver.te
+++ b/policy/modules/services/soundserver.te
@@ -8,7 +8,7 @@ policy_module(soundserver, 1.5.0)
type soundd_t;
type soundd_exec_t;
-init_daemon_domain(soundd_t,soundd_exec_t)
+init_daemon_domain(soundd_t, soundd_exec_t)
type soundd_etc_t alias etc_soundd_t;
files_type(soundd_etc_t)
@@ -42,21 +42,21 @@ allow soundd_t soundd_etc_t:dir list_dir_perms;
allow soundd_t soundd_etc_t:file read_file_perms;
allow soundd_t soundd_etc_t:lnk_file { getattr read };
-manage_files_pattern(soundd_t,soundd_state_t,soundd_state_t)
-manage_lnk_files_pattern(soundd_t,soundd_state_t,soundd_state_t)
+manage_files_pattern(soundd_t, soundd_state_t, soundd_state_t)
+manage_lnk_files_pattern(soundd_t, soundd_state_t, soundd_state_t)
-manage_dirs_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
-manage_files_pattern(soundd_t,soundd_tmp_t,soundd_tmp_t)
+manage_dirs_pattern(soundd_t, soundd_tmp_t, soundd_tmp_t)
+manage_files_pattern(soundd_t, soundd_tmp_t, soundd_tmp_t)
files_tmp_filetrans(soundd_t, soundd_tmp_t, { file dir })
-manage_files_pattern(soundd_t,soundd_tmpfs_t,soundd_tmpfs_t)
-manage_lnk_files_pattern(soundd_t,soundd_tmpfs_t,soundd_tmpfs_t)
-manage_fifo_files_pattern(soundd_t,soundd_tmpfs_t,soundd_tmpfs_t)
-manage_sock_files_pattern(soundd_t,soundd_tmpfs_t,soundd_tmpfs_t)
-fs_tmpfs_filetrans(soundd_t,soundd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
+manage_lnk_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
+manage_fifo_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
+manage_sock_files_pattern(soundd_t, soundd_tmpfs_t, soundd_tmpfs_t)
+fs_tmpfs_filetrans(soundd_t, soundd_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-manage_files_pattern(soundd_t,soundd_var_run_t,soundd_var_run_t)
-files_pid_filetrans(soundd_t,soundd_var_run_t,file)
+manage_files_pattern(soundd_t, soundd_var_run_t, soundd_var_run_t)
+files_pid_filetrans(soundd_t, soundd_var_run_t, file)
kernel_read_kernel_sysctls(soundd_t)
kernel_list_proc(soundd_t)
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 81a8b2a..715eba1 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -46,18 +46,18 @@ template(`spamassassin_per_role_template',`
#
type $1_spamc_t;
- application_domain($1_spamc_t,spamc_exec_t)
+ application_domain($1_spamc_t, spamc_exec_t)
role $3 types $1_spamc_t;
type $1_spamc_tmp_t;
files_tmp_file($1_spamc_tmp_t)
type $1_spamassassin_t;
- application_domain($1_spamassassin_t,spamassassin_exec_t)
+ application_domain($1_spamassassin_t, spamassassin_exec_t)
role $3 types $1_spamassassin_t;
type $1_spamassassin_home_t alias $1_spamassassin_rw_t;
- userdom_user_home_content($1,$1_spamassassin_home_t)
+ userdom_user_home_content($1, $1_spamassassin_home_t)
files_poly_member($1_spamassassin_home_t)
type $1_spamassassin_tmp_t;
@@ -83,8 +83,8 @@ template(`spamassassin_per_role_template',`
allow $1_spamc_t self:tcp_socket create_stream_socket_perms;
allow $1_spamc_t self:udp_socket create_socket_perms;
- manage_dirs_pattern($1_spamc_t,$1_spamc_tmp_t,$1_spamc_tmp_t)
- manage_files_pattern($1_spamc_t,$1_spamc_tmp_t,$1_spamc_tmp_t)
+ manage_dirs_pattern($1_spamc_t, $1_spamc_tmp_t, $1_spamc_tmp_t)
+ manage_files_pattern($1_spamc_t, $1_spamc_tmp_t, $1_spamc_tmp_t)
files_tmp_filetrans($1_spamc_t, $1_spamc_tmp_t, { file dir })
# Allow connecting to a local spamd
@@ -152,7 +152,7 @@ template(`spamassassin_per_role_template',`
optional_policy(`
# Allow connection to spamd socket above
- evolution_stream_connect($1,$1_spamc_t)
+ evolution_stream_connect($1, $1_spamc_t)
')
optional_policy(`
@@ -186,32 +186,32 @@ template(`spamassassin_per_role_template',`
allow $1_spamassassin_t self:msgq create_msgq_perms;
allow $1_spamassassin_t self:msg { send receive };
- manage_dirs_pattern($1_spamassassin_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_files_pattern($1_spamassassin_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_lnk_files_pattern($1_spamassassin_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_fifo_files_pattern($1_spamassassin_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_sock_files_pattern($1_spamassassin_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- userdom_user_home_dir_filetrans($1,$1_spamassassin_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_spamassassin_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_files_pattern($1_spamassassin_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_lnk_files_pattern($1_spamassassin_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_fifo_files_pattern($1_spamassassin_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_sock_files_pattern($1_spamassassin_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ userdom_user_home_dir_filetrans($1,$1_spamassassin_t,$1_spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
- manage_dirs_pattern($1_spamassassin_t, $1_spamassassin_tmp_t,$1_spamassassin_tmp_t)
- manage_files_pattern($1_spamassassin_t, $1_spamassassin_tmp_t,$1_spamassassin_tmp_t)
+ manage_dirs_pattern($1_spamassassin_t, $1_spamassassin_tmp_t, $1_spamassassin_tmp_t)
+ manage_files_pattern($1_spamassassin_t, $1_spamassassin_tmp_t, $1_spamassassin_tmp_t)
files_tmp_filetrans($1_spamassassin_t, $1_spamassassin_tmp_t, { file dir })
- manage_dirs_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_files_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_lnk_files_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
- relabel_dirs_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
- relabel_files_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
- relabel_lnk_files_pattern($2, $1_spamassassin_home_t,$1_spamassassin_home_t)
+ manage_dirs_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_files_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_lnk_files_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ relabel_dirs_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ relabel_files_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ relabel_lnk_files_pattern($2, $1_spamassassin_home_t, $1_spamassassin_home_t)
domtrans_pattern($2, spamassassin_exec_t, $1_spamassassin_t)
- manage_dirs_pattern(spamd_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_files_pattern(spamd_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_lnk_files_pattern(spamd_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_fifo_files_pattern(spamd_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- manage_sock_files_pattern(spamd_t, $1_spamassassin_home_t,$1_spamassassin_home_t)
- userdom_user_home_dir_filetrans($1,spamd_t,$1_spamassassin_home_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern(spamd_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_files_pattern(spamd_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_lnk_files_pattern(spamd_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_fifo_files_pattern(spamd_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ manage_sock_files_pattern(spamd_t, $1_spamassassin_home_t, $1_spamassassin_home_t)
+ userdom_user_home_dir_filetrans($1, spamd_t, $1_spamassassin_home_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls($1_spamassassin_t)
@@ -300,7 +300,7 @@ template(`spamassassin_per_role_template',`
optional_policy(`
# Write pid file and socket in ~/.evolution/cache/tmp
- evolution_home_filetrans($1,spamd_t,spamd_tmp_t,{ file sock_file })
+ evolution_home_filetrans($1, spamd_t, spamd_tmp_t, { file sock_file })
')
optional_policy(`
@@ -335,7 +335,7 @@ interface(`spamassassin_exec',`
type spamassassin_exec_t;
')
- can_exec($1,spamassassin_exec_t)
+ can_exec($1, spamassassin_exec_t)
')
@@ -373,7 +373,7 @@ interface(`spamassassin_exec_spamd',`
type spamd_exec_t;
')
- can_exec($1,spamd_exec_t)
+ can_exec($1, spamd_exec_t)
')
########################################
@@ -402,7 +402,7 @@ template(`spamassassin_domtrans_user_client',`
type $1_spamc_t, spamc_exec_t;
')
- domtrans_pattern($2,spamc_exec_t,$1_spamc_t)
+ domtrans_pattern($2, spamc_exec_t, $1_spamc_t)
')
########################################
@@ -421,7 +421,7 @@ interface(`spamassassin_exec_client',`
type spamc_exec_t;
')
- can_exec($1,spamc_exec_t)
+ can_exec($1, spamc_exec_t)
')
########################################
@@ -450,7 +450,7 @@ template(`spamassassin_domtrans_user_local_client',`
type $1_spamassassin_t, spamassassin_exec_t;
')
- domtrans_pattern($2,spamassassin_exec_t,$1_spamassassin_t)
+ domtrans_pattern($2, spamassassin_exec_t, $1_spamassassin_t)
')
########################################
@@ -469,7 +469,7 @@ interface(`spamassassin_read_lib_files',`
')
files_search_var_lib($1)
- read_files_pattern($1,spamd_var_lib_t,spamd_var_lib_t)
+ read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
')
########################################
@@ -489,7 +489,7 @@ interface(`spamassassin_manage_lib_files',`
')
files_search_var_lib($1)
- manage_files_pattern($1,spamd_var_lib_t,spamd_var_lib_t)
+ manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
')
########################################
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index 86aab85..0f64e02 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -11,14 +11,14 @@ policy_module(spamassassin, 1.10.0)
## Allow user spamassassin clients to use the network.
##
##
-gen_tunable(spamassassin_can_network,false)
+gen_tunable(spamassassin_can_network, false)
##
##
## Allow spamd to read/write user home directories.
##
##
-gen_tunable(spamd_enable_home_dirs,true)
+gen_tunable(spamd_enable_home_dirs, true)
# spamassassin client executable
type spamc_exec_t;
@@ -71,17 +71,17 @@ allow spamd_t self:tcp_socket create_stream_socket_perms;
allow spamd_t self:udp_socket create_socket_perms;
allow spamd_t self:netlink_route_socket r_netlink_socket_perms;
-manage_dirs_pattern(spamd_t,spamd_spool_t,spamd_spool_t)
-manage_files_pattern(spamd_t,spamd_spool_t,spamd_spool_t)
-files_spool_filetrans(spamd_t,spamd_spool_t, { file dir })
+manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
+manage_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
+files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
-manage_dirs_pattern(spamd_t,spamd_tmp_t,spamd_tmp_t)
-manage_files_pattern(spamd_t,spamd_tmp_t,spamd_tmp_t)
+manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
+manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir })
# var/lib files for spamd
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
-read_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
+read_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
@@ -163,11 +163,11 @@ optional_policy(`
')
optional_policy(`
- cron_system_entry(spamd_t,spamd_exec_t)
+ cron_system_entry(spamd_t, spamd_exec_t)
')
optional_policy(`
- daemontools_service_domain(spamd_t,spamd_exec_t)
+ daemontools_service_domain(spamd_t, spamd_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/speedtouch.te b/policy/modules/services/speedtouch.te
index 91af967..73dae07 100644
--- a/policy/modules/services/speedtouch.te
+++ b/policy/modules/services/speedtouch.te
@@ -8,7 +8,7 @@ policy_module(speedtouch, 1.3.0)
type speedmgmt_t;
type speedmgmt_exec_t;
-init_daemon_domain(speedmgmt_t,speedmgmt_exec_t)
+init_daemon_domain(speedmgmt_t, speedmgmt_exec_t)
type speedmgmt_tmp_t;
files_tmp_file(speedmgmt_tmp_t)
@@ -24,12 +24,12 @@ files_pid_file(speedmgmt_var_run_t)
dontaudit speedmgmt_t self:capability sys_tty_config;
allow speedmgmt_t self:process signal_perms;
-manage_dirs_pattern(speedmgmt_t,speedmgmt_tmp_t,speedmgmt_tmp_t)
-manage_files_pattern(speedmgmt_t,speedmgmt_tmp_t,speedmgmt_tmp_t)
+manage_dirs_pattern(speedmgmt_t, speedmgmt_tmp_t, speedmgmt_tmp_t)
+manage_files_pattern(speedmgmt_t, speedmgmt_tmp_t, speedmgmt_tmp_t)
files_tmp_filetrans(speedmgmt_t, speedmgmt_tmp_t, { file dir })
-manage_files_pattern(speedmgmt_t,speedmgmt_var_run_t,speedmgmt_var_run_t)
-files_pid_filetrans(speedmgmt_t,speedmgmt_var_run_t,file)
+manage_files_pattern(speedmgmt_t, speedmgmt_var_run_t, speedmgmt_var_run_t)
+files_pid_filetrans(speedmgmt_t, speedmgmt_var_run_t, file)
kernel_read_kernel_sysctls(speedmgmt_t)
kernel_list_proc(speedmgmt_t)
diff --git a/policy/modules/services/squid.if b/policy/modules/services/squid.if
index 959f98d..b155c2f 100644
--- a/policy/modules/services/squid.if
+++ b/policy/modules/services/squid.if
@@ -16,7 +16,7 @@ interface(`squid_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,squid_exec_t,squid_t)
+ domtrans_pattern($1, squid_exec_t, squid_t)
')
########################################
@@ -75,7 +75,7 @@ interface(`squid_read_log',`
')
logging_search_logs($1)
- read_files_pattern($1,squid_log_t,squid_log_t)
+ read_files_pattern($1, squid_log_t, squid_log_t)
')
########################################
@@ -94,7 +94,7 @@ interface(`squid_append_log',`
')
logging_search_logs($1)
- append_files_pattern($1,squid_log_t,squid_log_t)
+ append_files_pattern($1, squid_log_t, squid_log_t)
')
########################################
@@ -115,7 +115,7 @@ interface(`squid_manage_logs',`
')
logging_search_logs($1)
- manage_files_pattern($1,squid_log_t,squid_log_t)
+ manage_files_pattern($1, squid_log_t, squid_log_t)
')
########################################
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index b79eac7..f09c0c1 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
@@ -12,11 +12,11 @@ policy_module(squid, 1.6.0)
## HTTP, FTP, and Gopher ports.
##
##
-gen_tunable(squid_connect_any,false)
+gen_tunable(squid_connect_any, false)
type squid_t;
type squid_exec_t;
-init_daemon_domain(squid_t,squid_exec_t)
+init_daemon_domain(squid_t, squid_exec_t)
# type for /var/cache/squid
type squid_cache_t;
@@ -54,21 +54,21 @@ allow squid_t self:tcp_socket create_stream_socket_perms;
allow squid_t self:udp_socket create_socket_perms;
# Grant permissions to create, access, and delete cache files.
-manage_dirs_pattern(squid_t,squid_cache_t,squid_cache_t)
-manage_files_pattern(squid_t,squid_cache_t,squid_cache_t)
-manage_lnk_files_pattern(squid_t,squid_cache_t,squid_cache_t)
+manage_dirs_pattern(squid_t, squid_cache_t, squid_cache_t)
+manage_files_pattern(squid_t, squid_cache_t, squid_cache_t)
+manage_lnk_files_pattern(squid_t, squid_cache_t, squid_cache_t)
allow squid_t squid_conf_t:dir list_dir_perms;
-read_files_pattern(squid_t,squid_conf_t,squid_conf_t)
-read_lnk_files_pattern(squid_t,squid_conf_t,squid_conf_t)
+read_files_pattern(squid_t, squid_conf_t, squid_conf_t)
+read_lnk_files_pattern(squid_t, squid_conf_t, squid_conf_t)
-can_exec(squid_t,squid_exec_t)
+can_exec(squid_t, squid_exec_t)
-manage_files_pattern(squid_t,squid_log_t,squid_log_t)
-logging_log_filetrans(squid_t,squid_log_t,{ file dir })
+manage_files_pattern(squid_t, squid_log_t, squid_log_t)
+logging_log_filetrans(squid_t, squid_log_t, { file dir })
-manage_files_pattern(squid_t,squid_var_run_t,squid_var_run_t)
-files_pid_filetrans(squid_t,squid_var_run_t,file)
+manage_files_pattern(squid_t, squid_var_run_t, squid_var_run_t)
+files_pid_filetrans(squid_t, squid_var_run_t, file)
kernel_read_kernel_sysctls(squid_t)
kernel_read_system_state(squid_t)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 9279c9f..679cea2 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -44,7 +44,7 @@ template(`ssh_basic_client_template',`
#
type $1_ssh_t;
- application_domain($1_ssh_t,ssh_exec_t)
+ application_domain($1_ssh_t, ssh_exec_t)
role $3 types $1_ssh_t;
type $1_home_ssh_t;
@@ -90,21 +90,21 @@ template(`ssh_basic_client_template',`
allow $2 ssh_server:unix_stream_socket rw_stream_socket_perms;
# allow ps to show ssh
- ps_process_pattern($2,$1_ssh_t)
+ ps_process_pattern($2, $1_ssh_t)
# user can manage the keys and config
- manage_files_pattern($2,$1_home_ssh_t,$1_home_ssh_t)
- manage_lnk_files_pattern($2,$1_home_ssh_t,$1_home_ssh_t)
- manage_sock_files_pattern($2,$1_home_ssh_t,$1_home_ssh_t)
+ manage_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
+ manage_lnk_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
+ manage_sock_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
# ssh client can manage the keys and config
- manage_files_pattern($1_ssh_t,$1_home_ssh_t,$1_home_ssh_t)
- read_lnk_files_pattern($1_ssh_t,$1_home_ssh_t,$1_home_ssh_t)
+ manage_files_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
+ read_lnk_files_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
# ssh servers can read the user keys and config
allow ssh_server $1_home_ssh_t:dir list_dir_perms;
- read_files_pattern(ssh_server,$1_home_ssh_t,$1_home_ssh_t)
- read_lnk_files_pattern(ssh_server,$1_home_ssh_t,$1_home_ssh_t)
+ read_files_pattern(ssh_server, $1_home_ssh_t, $1_home_ssh_t)
+ read_lnk_files_pattern(ssh_server, $1_home_ssh_t, $1_home_ssh_t)
kernel_read_kernel_sysctls($1_ssh_t)
@@ -210,12 +210,12 @@ template(`ssh_per_role_template',`
# Declarations
#
- ssh_basic_client_template($1,$2,$3)
+ ssh_basic_client_template($1, $2, $3)
- userdom_user_home_content($1,$1_home_ssh_t)
+ userdom_user_home_content($1, $1_home_ssh_t)
type $1_ssh_agent_t;
- application_domain($1_ssh_agent_t,ssh_agent_exec_t)
+ application_domain($1_ssh_agent_t, ssh_agent_exec_t)
domain_interactive_fd($1_ssh_agent_t)
role $3 types $1_ssh_agent_t;
@@ -223,7 +223,7 @@ template(`ssh_per_role_template',`
files_tmp_file($1_ssh_agent_tmp_t)
type $1_ssh_keysign_t;
- application_domain($1_ssh_keysign_t,ssh_keysign_exec_t)
+ application_domain($1_ssh_keysign_t, ssh_keysign_exec_t)
role $3 types $1_ssh_keysign_t;
type $1_ssh_tmpfs_t;
@@ -234,18 +234,18 @@ template(`ssh_per_role_template',`
# Client local policy
#
- manage_files_pattern($1_ssh_t,$1_ssh_tmpfs_t,$1_ssh_tmpfs_t)
- manage_lnk_files_pattern($1_ssh_t,$1_ssh_tmpfs_t,$1_ssh_tmpfs_t)
- manage_fifo_files_pattern($1_ssh_t,$1_ssh_tmpfs_t,$1_ssh_tmpfs_t)
- manage_sock_files_pattern($1_ssh_t,$1_ssh_tmpfs_t,$1_ssh_tmpfs_t)
- fs_tmpfs_filetrans($1_ssh_t,$1_ssh_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_files_pattern($1_ssh_t, $1_ssh_tmpfs_t, $1_ssh_tmpfs_t)
+ manage_lnk_files_pattern($1_ssh_t, $1_ssh_tmpfs_t, $1_ssh_tmpfs_t)
+ manage_fifo_files_pattern($1_ssh_t, $1_ssh_tmpfs_t, $1_ssh_tmpfs_t)
+ manage_sock_files_pattern($1_ssh_t, $1_ssh_tmpfs_t, $1_ssh_tmpfs_t)
+ fs_tmpfs_filetrans($1_ssh_t, $1_ssh_tmpfs_t, { dir file lnk_file sock_file fifo_file })
- manage_dirs_pattern($1_ssh_t,$1_home_ssh_t,$1_home_ssh_t)
- manage_sock_files_pattern($1_ssh_t,$1_home_ssh_t,$1_home_ssh_t)
- userdom_user_home_dir_filetrans($1,$1_ssh_t,$1_home_ssh_t,{ dir sock_file })
+ manage_dirs_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
+ manage_sock_files_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
+ userdom_user_home_dir_filetrans($1, $1_ssh_t, $1_home_ssh_t, { dir sock_file })
# Allow the ssh program to communicate with ssh-agent.
- stream_connect_pattern($1_ssh_t,$1_ssh_agent_tmp_t,$1_ssh_agent_tmp_t,$1_ssh_agent_t)
+ stream_connect_pattern($1_ssh_t, $1_ssh_agent_tmp_t, $1_ssh_agent_tmp_t, $1_ssh_agent_t)
allow $1_ssh_t sshd_t:unix_stream_socket connectto;
@@ -282,8 +282,8 @@ template(`ssh_per_role_template',`
')
optional_policy(`
- xserver_user_x_domain_template($1,$1_ssh,$1_ssh_t,$1_ssh_tmpfs_t)
- xserver_domtrans_user_xauth($1,$1_ssh_t)
+ xserver_user_x_domain_template($1, $1_ssh, $1_ssh_t, $1_ssh_tmpfs_t)
+ xserver_domtrans_user_xauth($1, $1_ssh_t)
')
ifdef(`TODO',`
@@ -309,18 +309,18 @@ template(`ssh_per_role_template',`
allow $1_ssh_agent_t self:unix_stream_socket { create_stream_socket_perms connectto };
- manage_dirs_pattern($1_ssh_agent_t,$1_ssh_agent_tmp_t,$1_ssh_agent_tmp_t)
- manage_sock_files_pattern($1_ssh_agent_t,$1_ssh_agent_tmp_t,$1_ssh_agent_tmp_t)
- files_tmp_filetrans($1_ssh_agent_t,$1_ssh_agent_tmp_t,{ dir sock_file })
+ manage_dirs_pattern($1_ssh_agent_t, $1_ssh_agent_tmp_t, $1_ssh_agent_tmp_t)
+ manage_sock_files_pattern($1_ssh_agent_t, $1_ssh_agent_tmp_t, $1_ssh_agent_tmp_t)
+ files_tmp_filetrans($1_ssh_agent_t, $1_ssh_agent_tmp_t, { dir sock_file })
# for ssh-add
- stream_connect_pattern($2,$1_ssh_agent_tmp_t,$1_ssh_agent_tmp_t,$1_ssh_agent_t)
+ stream_connect_pattern($2, $1_ssh_agent_tmp_t, $1_ssh_agent_tmp_t, $1_ssh_agent_t)
# Allow the user shell to signal the ssh program.
allow $2 $1_ssh_agent_t:process signal;
# allow ps to show ssh
- ps_process_pattern($2,$1_ssh_agent_t)
+ ps_process_pattern($2, $1_ssh_agent_t)
domtrans_pattern($2, ssh_agent_exec_t, $1_ssh_agent_t)
@@ -332,7 +332,7 @@ template(`ssh_per_role_template',`
fs_search_auto_mountpoints($1_ssh_agent_t)
# transition back to normal privs upon exec
- corecmd_shell_domtrans($1_ssh_agent_t,$1_t)
+ corecmd_shell_domtrans($1_ssh_agent_t, $1_t)
corecmd_bin_domtrans($1_ssh_agent_t, $1_t)
domain_use_interactive_fds($1_ssh_agent_t)
@@ -355,7 +355,7 @@ template(`ssh_per_role_template',`
userdom_use_user_terminals($1,$1_ssh_agent_t)
# for the transition back to normal privs upon exec
- userdom_user_home_domtrans($1,$1_ssh_agent_t,$2)
+ userdom_user_home_domtrans($1, $1_ssh_agent_t, $2)
allow $2 $1_ssh_agent_t:fd use;
allow $2 $1_ssh_agent_t:fifo_file rw_file_perms;
allow $2 $1_ssh_agent_t:process sigchld;
@@ -455,7 +455,7 @@ template(`ssh_server_template', `
term_create_pty($1_t,$1_devpts_t)
allow $1_t $1_var_run_t:file manage_file_perms;
- files_pid_filetrans($1_t,$1_var_run_t,file)
+ files_pid_filetrans($1_t, $1_var_run_t, file)
can_exec($1_t, sshd_exec_t)
@@ -653,7 +653,7 @@ interface(`ssh_domtrans',`
type sshd_t, sshd_exec_t;
')
- domtrans_pattern($1,sshd_exec_t,sshd_t)
+ domtrans_pattern($1, sshd_exec_t, sshd_t)
')
########################################
@@ -672,7 +672,7 @@ interface(`ssh_exec',`
')
corecmd_search_bin($1)
- can_exec($1,ssh_exec_t)
+ can_exec($1, ssh_exec_t)
')
########################################
@@ -690,7 +690,7 @@ interface(`ssh_domtrans_keygen',`
type ssh_keygen_t, ssh_keygen_exec_t;
')
- domtrans_pattern($1,ssh_keygen_exec_t,ssh_keygen_t)
+ domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
')
########################################
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 554609b..d893e05 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh,1.10.0)
+policy_module(ssh, 1.10.0)
########################################
#
@@ -11,14 +11,14 @@ policy_module(ssh,1.10.0)
## allow host key based authentication
##
##
-gen_tunable(allow_ssh_keysign,false)
+gen_tunable(allow_ssh_keysign, false)
##
##
## Allow ssh logins as sysadm_r:sysadm_t
##
##
-gen_tunable(ssh_sysadm_login,false)
+gen_tunable(ssh_sysadm_login, false)
attribute ssh_server;
@@ -32,7 +32,7 @@ application_executable_file(ssh_exec_t)
type ssh_keygen_t;
type ssh_keygen_exec_t;
-init_system_domain(ssh_keygen_t,ssh_keygen_exec_t)
+init_system_domain(ssh_keygen_t, ssh_keygen_exec_t)
role system_r types ssh_keygen_t;
type ssh_keysign_exec_t;
@@ -42,7 +42,7 @@ type sshd_exec_t;
corecmd_executable_file(sshd_exec_t)
ssh_server_template(sshd)
-init_daemon_domain(sshd_t,sshd_exec_t)
+init_daemon_domain(sshd_t, sshd_exec_t)
ssh_server_template(sshd_extern)
@@ -68,9 +68,9 @@ ifdef(`enable_mcs',`
allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
allow sshd_t self:key { search link write };
-manage_dirs_pattern(sshd_t,sshd_tmp_t,sshd_tmp_t)
-manage_files_pattern(sshd_t,sshd_tmp_t,sshd_tmp_t)
-manage_sock_files_pattern(sshd_t,sshd_tmp_t,sshd_tmp_t)
+manage_dirs_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
+manage_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
+manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
files_tmp_filetrans(sshd_t, sshd_tmp_t, { dir file sock_file })
kernel_search_key(sshd_t)
@@ -199,7 +199,7 @@ allow ssh_keygen_t self:process { sigchld sigkill sigstop signull signal };
allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms;
allow ssh_keygen_t sshd_key_t:file manage_file_perms;
-files_etc_filetrans(ssh_keygen_t,sshd_key_t,file)
+files_etc_filetrans(ssh_keygen_t, sshd_key_t, file)
kernel_read_kernel_sysctls(ssh_keygen_t)
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
index 437f6c5..9c281fa 100644
--- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te
@@ -11,12 +11,12 @@ domain_type(stunnel_t)
role system_r types stunnel_t;
type stunnel_exec_t;
-domain_entry_file(stunnel_t,stunnel_exec_t)
+domain_entry_file(stunnel_t, stunnel_exec_t)
ifdef(`distro_gentoo',`
- init_daemon_domain(stunnel_t,stunnel_exec_t)
+ init_daemon_domain(stunnel_t, stunnel_exec_t)
',`
- inetd_tcp_service_domain(stunnel_t,stunnel_exec_t)
+ inetd_tcp_service_domain(stunnel_t, stunnel_exec_t)
')
type stunnel_etc_t;
@@ -43,12 +43,12 @@ allow stunnel_t stunnel_etc_t:dir { getattr read search };
allow stunnel_t stunnel_etc_t:file { read getattr };
allow stunnel_t stunnel_etc_t:lnk_file { getattr read };
-manage_dirs_pattern(stunnel_t,stunnel_tmp_t,stunnel_tmp_t)
-manage_files_pattern(stunnel_t,stunnel_tmp_t,stunnel_tmp_t)
+manage_dirs_pattern(stunnel_t, stunnel_tmp_t, stunnel_tmp_t)
+manage_files_pattern(stunnel_t, stunnel_tmp_t, stunnel_tmp_t)
files_tmp_filetrans(stunnel_t, stunnel_tmp_t, { file dir })
-manage_files_pattern(stunnel_t,stunnel_var_run_t,stunnel_var_run_t)
-files_pid_filetrans(stunnel_t,stunnel_var_run_t,file)
+manage_files_pattern(stunnel_t, stunnel_var_run_t, stunnel_var_run_t)
+files_pid_filetrans(stunnel_t, stunnel_var_run_t, file)
kernel_read_kernel_sysctls(stunnel_t)
kernel_read_system_state(stunnel_t)
diff --git a/policy/modules/services/sysstat.if b/policy/modules/services/sysstat.if
index cc47dcd..a5fad30 100644
--- a/policy/modules/services/sysstat.if
+++ b/policy/modules/services/sysstat.if
@@ -17,5 +17,5 @@ interface(`sysstat_manage_log',`
')
logging_search_logs($1)
- manage_files_pattern($1,sysstat_log_t,sysstat_log_t)
+ manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
')
diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te
index 80e8051..cf8b2fc 100644
--- a/policy/modules/services/sysstat.te
+++ b/policy/modules/services/sysstat.te
@@ -8,7 +8,7 @@ policy_module(sysstat, 1.3.0)
type sysstat_t;
type sysstat_exec_t;
-init_system_domain(sysstat_t,sysstat_exec_t)
+init_system_domain(sysstat_t, sysstat_exec_t)
role system_r types sysstat_t;
type sysstat_log_t;
@@ -25,8 +25,8 @@ allow sysstat_t self:fifo_file rw_fifo_file_perms;
can_exec(sysstat_t, sysstat_exec_t)
-manage_files_pattern(sysstat_t,sysstat_log_t,sysstat_log_t)
-logging_log_filetrans(sysstat_t,sysstat_log_t,{ file dir })
+manage_files_pattern(sysstat_t, sysstat_log_t, sysstat_log_t)
+logging_log_filetrans(sysstat_t, sysstat_log_t, { file dir })
# get info from /proc
kernel_read_system_state(sysstat_t)
@@ -63,7 +63,7 @@ miscfiles_read_localization(sysstat_t)
sysadm_dontaudit_list_home_dirs(sysstat_t)
optional_policy(`
- cron_system_entry(sysstat_t,sysstat_exec_t)
+ cron_system_entry(sysstat_t, sysstat_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/tcpd.te b/policy/modules/services/tcpd.te
index eecbe4d..30ed666 100644
--- a/policy/modules/services/tcpd.te
+++ b/policy/modules/services/tcpd.te
@@ -1,5 +1,5 @@
-policy_module(tcpd,1.3.0)
+policy_module(tcpd, 1.3.0)
########################################
#
diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te
index bb993b4..6a702e5 100644
--- a/policy/modules/services/telnet.te
+++ b/policy/modules/services/telnet.te
@@ -8,7 +8,7 @@ policy_module(telnet, 1.7.0)
type telnetd_t;
type telnetd_exec_t;
-inetd_service_domain(telnetd_t,telnetd_exec_t)
+inetd_service_domain(telnetd_t, telnetd_exec_t)
role system_r types telnetd_t;
type telnetd_devpts_t; #, userpty_type;
@@ -35,14 +35,14 @@ allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow telnetd_t self:capability { setuid setgid };
allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(telnetd_t,telnetd_devpts_t)
+term_create_pty(telnetd_t, telnetd_devpts_t)
-manage_dirs_pattern(telnetd_t,telnetd_tmp_t,telnetd_tmp_t)
-manage_files_pattern(telnetd_t,telnetd_tmp_t,telnetd_tmp_t)
+manage_dirs_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
+manage_files_pattern(telnetd_t, telnetd_tmp_t, telnetd_tmp_t)
files_tmp_filetrans(telnetd_t, telnetd_tmp_t, { file dir })
-manage_files_pattern(telnetd_t,telnetd_var_run_t,telnetd_var_run_t)
-files_pid_filetrans(telnetd_t,telnetd_var_run_t,file)
+manage_files_pattern(telnetd_t, telnetd_var_run_t, telnetd_var_run_t)
+files_pid_filetrans(telnetd_t, telnetd_var_run_t, file)
kernel_read_kernel_sysctls(telnetd_t)
kernel_read_system_state(telnetd_t)
diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if
index 4357c1c..ea34c2a 100644
--- a/policy/modules/services/tftp.if
+++ b/policy/modules/services/tftp.if
@@ -14,8 +14,7 @@
#
interface(`tftp_admin',`
gen_require(`
- type tftpd_t, tftpdir_t;
- type tftpdir_rw_t, tftpd_var_run_t;
+ type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
')
allow $1 tftpd_t:process { ptrace signal_perms getattr };
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index d9ff724..00c2052 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -12,11 +12,11 @@ policy_module(tftp, 1.8.0)
## used for public file transfer services.
##
##
-gen_tunable(tftp_anon_write,false)
+gen_tunable(tftp_anon_write, false)
type tftpd_t;
type tftpd_exec_t;
-init_daemon_domain(tftpd_t,tftpd_exec_t)
+init_daemon_domain(tftpd_t, tftpd_exec_t)
type tftpd_var_run_t;
files_pid_file(tftpd_var_run_t)
@@ -48,8 +48,8 @@ manage_dirs_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
manage_files_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
manage_lnk_files_pattern(tftpd_t, tftpdir_rw_t, tftpdir_rw_t)
-manage_files_pattern(tftpd_t,tftpd_var_run_t,tftpd_var_run_t)
-files_pid_filetrans(tftpd_t,tftpd_var_run_t,file)
+manage_files_pattern(tftpd_t, tftpd_var_run_t, tftpd_var_run_t)
+files_pid_filetrans(tftpd_t, tftpd_var_run_t, file)
kernel_read_kernel_sysctls(tftpd_t)
kernel_list_proc(tftpd_t)
@@ -101,7 +101,7 @@ tunable_policy(`tftp_anon_write',`
')
optional_policy(`
- inetd_udp_service_domain(tftpd_t,tftpd_exec_t)
+ inetd_udp_service_domain(tftpd_t, tftpd_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te
index 3f5f3c9..23adcb9 100644
--- a/policy/modules/services/timidity.te
+++ b/policy/modules/services/timidity.te
@@ -10,8 +10,8 @@ policy_module(timidity, 1.7.0)
type timidity_t;
type timidity_exec_t;
-init_daemon_domain(timidity_t,timidity_exec_t)
-application_domain(timidity_t,timidity_exec_t)
+init_daemon_domain(timidity_t, timidity_exec_t)
+application_domain(timidity_t, timidity_exec_t)
type timidity_tmpfs_t;
files_tmpfs_file(timidity_tmpfs_t)
@@ -29,12 +29,12 @@ allow timidity_t self:unix_stream_socket create_stream_socket_perms;
allow timidity_t self:tcp_socket create_stream_socket_perms;
allow timidity_t self:udp_socket create_socket_perms;
-manage_dirs_pattern(timidity_t,timidity_tmpfs_t,timidity_tmpfs_t)
-manage_files_pattern(timidity_t,timidity_tmpfs_t,timidity_tmpfs_t)
-manage_lnk_files_pattern(timidity_t,timidity_tmpfs_t,timidity_tmpfs_t)
-manage_fifo_files_pattern(timidity_t,timidity_tmpfs_t,timidity_tmpfs_t)
-manage_sock_files_pattern(timidity_t,timidity_tmpfs_t,timidity_tmpfs_t)
-fs_tmpfs_filetrans(timidity_t,timidity_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
+manage_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
+manage_lnk_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
+manage_fifo_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
+manage_sock_files_pattern(timidity_t, timidity_tmpfs_t, timidity_tmpfs_t)
+fs_tmpfs_filetrans(timidity_t, timidity_tmpfs_t, { dir file lnk_file sock_file fifo_file })
kernel_read_kernel_sysctls(timidity_t)
# read /proc/cpuinfo
diff --git a/policy/modules/services/tor.if b/policy/modules/services/tor.if
index 15146c0..95b88c6 100644
--- a/policy/modules/services/tor.if
+++ b/policy/modules/services/tor.if
@@ -15,7 +15,7 @@ interface(`tor_domtrans',`
type tor_t, tor_exec_t;
')
- domtrans_pattern($1,tor_exec_t,tor_t)
+ domtrans_pattern($1, tor_exec_t, tor_t)
')
########################################
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
index 7ab20c0..2d5ac0e 100644
--- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te
@@ -1,5 +1,5 @@
-policy_module(tor,1.4.0)
+policy_module(tor, 1.4.0)
########################################
#
@@ -38,27 +38,27 @@ allow tor_t self:tcp_socket create_stream_socket_perms;
# configuration files
allow tor_t tor_etc_t:dir list_dir_perms;
-read_files_pattern(tor_t,tor_etc_t,tor_etc_t)
-read_lnk_files_pattern(tor_t,tor_etc_t,tor_etc_t)
+read_files_pattern(tor_t, tor_etc_t, tor_etc_t)
+read_lnk_files_pattern(tor_t, tor_etc_t, tor_etc_t)
# var/lib/tor files
-manage_dirs_pattern(tor_t,tor_var_lib_t,tor_var_lib_t)
-manage_files_pattern(tor_t,tor_var_lib_t,tor_var_lib_t)
-manage_sock_files_pattern(tor_t,tor_var_lib_t,tor_var_lib_t)
-files_usr_filetrans(tor_t,tor_var_lib_t,file)
-files_var_filetrans(tor_t,tor_var_lib_t,{ file dir sock_file })
-files_var_lib_filetrans(tor_t,tor_var_lib_t,file)
+manage_dirs_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
+manage_files_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
+manage_sock_files_pattern(tor_t, tor_var_lib_t, tor_var_lib_t)
+files_usr_filetrans(tor_t, tor_var_lib_t, file)
+files_var_filetrans(tor_t, tor_var_lib_t, { file dir sock_file })
+files_var_lib_filetrans(tor_t, tor_var_lib_t, file)
# log files
allow tor_t tor_var_log_t:dir setattr;
-manage_files_pattern(tor_t,tor_var_log_t,tor_var_log_t)
-manage_sock_files_pattern(tor_t,tor_var_log_t,tor_var_log_t)
-logging_log_filetrans(tor_t,tor_var_log_t,{ sock_file file dir })
+manage_files_pattern(tor_t, tor_var_log_t, tor_var_log_t)
+manage_sock_files_pattern(tor_t, tor_var_log_t, tor_var_log_t)
+logging_log_filetrans(tor_t, tor_var_log_t, { sock_file file dir })
# pid file
-manage_files_pattern(tor_t,tor_var_run_t,tor_var_run_t)
-manage_sock_files_pattern(tor_t,tor_var_run_t,tor_var_run_t)
-files_pid_filetrans(tor_t,tor_var_run_t, { file sock_file })
+manage_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
+manage_sock_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
+files_pid_filetrans(tor_t, tor_var_run_t, { file sock_file })
kernel_read_system_state(tor_t)
diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te
index 9ef2083..d18f957 100644
--- a/policy/modules/services/transproxy.te
+++ b/policy/modules/services/transproxy.te
@@ -8,7 +8,7 @@ policy_module(transproxy, 1.5.0)
type transproxy_t;
type transproxy_exec_t;
-init_daemon_domain(transproxy_t,transproxy_exec_t)
+init_daemon_domain(transproxy_t, transproxy_exec_t)
type transproxy_var_run_t;
files_pid_file(transproxy_var_run_t)
@@ -23,8 +23,8 @@ dontaudit transproxy_t self:capability sys_tty_config;
allow transproxy_t self:process signal_perms;
allow transproxy_t self:tcp_socket create_stream_socket_perms;
-manage_files_pattern(transproxy_t,transproxy_var_run_t,transproxy_var_run_t)
-files_pid_filetrans(transproxy_t,transproxy_var_run_t,file)
+manage_files_pattern(transproxy_t, transproxy_var_run_t, transproxy_var_run_t)
+files_pid_filetrans(transproxy_t, transproxy_var_run_t, file)
kernel_read_kernel_sysctls(transproxy_t)
kernel_list_proc(transproxy_t)
diff --git a/policy/modules/services/ucspitcp.if b/policy/modules/services/ucspitcp.if
index 259c13e..6607dcb 100644
--- a/policy/modules/services/ucspitcp.if
+++ b/policy/modules/services/ucspitcp.if
@@ -1,8 +1,8 @@
## ucspitcp policy
##
-##
-## Policy for DJB's ucspi-tcpd
-##
+##
+## Policy for DJB's ucspi-tcpd
+##
##
########################################
@@ -27,7 +27,7 @@ interface(`ucspitcp_service_domain', `
')
domain_type($1)
- domain_entry_file($1,$2)
+ domain_entry_file($1, $2)
role system_r types $1;
diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te
index 3c976e3..0077c4c 100644
--- a/policy/modules/services/ucspitcp.te
+++ b/policy/modules/services/ucspitcp.te
@@ -1,5 +1,5 @@
-policy_module(ucspitcp,1.2.0)
+policy_module(ucspitcp, 1.2.0)
########################################
#
@@ -8,12 +8,12 @@ policy_module(ucspitcp,1.2.0)
type rblsmtpd_t;
type rblsmtpd_exec_t;
-init_system_domain(rblsmtpd_t,rblsmtpd_exec_t)
+init_system_domain(rblsmtpd_t, rblsmtpd_exec_t)
role system_r types rblsmtpd_t;
type ucspitcp_t;
type ucspitcp_exec_t;
-init_system_domain(ucspitcp_t,ucspitcp_exec_t)
+init_system_domain(ucspitcp_t, ucspitcp_exec_t)
role system_r types ucspitcp_t;
########################################
diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te
index 1065e4e..4840ab3 100644
--- a/policy/modules/services/uptime.te
+++ b/policy/modules/services/uptime.te
@@ -8,7 +8,7 @@ policy_module(uptime, 1.3.0)
type uptimed_t;
type uptimed_exec_t;
-init_daemon_domain(uptimed_t,uptimed_exec_t)
+init_daemon_domain(uptimed_t, uptimed_exec_t)
type uptimed_etc_t alias etc_uptimed_t;
files_config_file(uptimed_etc_t)
@@ -33,12 +33,12 @@ files_search_etc(uptimed_t)
allow uptimed_t uptimed_spool_t:file manage_file_perms;
-manage_files_pattern(uptimed_t,uptimed_var_run_t,uptimed_var_run_t)
-files_pid_filetrans(uptimed_t,uptimed_var_run_t,file)
+manage_files_pattern(uptimed_t, uptimed_var_run_t, uptimed_var_run_t)
+files_pid_filetrans(uptimed_t, uptimed_var_run_t, file)
-manage_dirs_pattern(uptimed_t,uptimed_spool_t,uptimed_spool_t)
-manage_files_pattern(uptimed_t,uptimed_spool_t,uptimed_spool_t)
-files_spool_filetrans(uptimed_t,uptimed_spool_t,{ dir file })
+manage_dirs_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
+manage_files_pattern(uptimed_t, uptimed_spool_t, uptimed_spool_t)
+files_spool_filetrans(uptimed_t, uptimed_spool_t, { dir file })
kernel_read_system_state(uptimed_t)
kernel_read_kernel_sysctls(uptimed_t)
diff --git a/policy/modules/services/uucp.if b/policy/modules/services/uucp.if
index 12d11f6..92b58fe 100644
--- a/policy/modules/services/uucp.if
+++ b/policy/modules/services/uucp.if
@@ -18,7 +18,7 @@ interface(`uucp_append_log',`
logging_search_logs($1)
allow $1 uucpd_log_t:dir list_dir_perms;
- append_files_pattern($1,uucpd_log_t,uucpd_log_t)
+ append_files_pattern($1, uucpd_log_t, uucpd_log_t)
')
########################################
@@ -37,9 +37,9 @@ interface(`uucp_manage_spool',`
')
files_search_spool($1)
- manage_dirs_pattern($1,uucpd_spool_t,uucpd_spool_t)
- manage_files_pattern($1,uucpd_spool_t,uucpd_spool_t)
- manage_lnk_files_pattern($1,uucpd_spool_t,uucpd_spool_t)
+ manage_dirs_pattern($1, uucpd_spool_t, uucpd_spool_t)
+ manage_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
+ manage_lnk_files_pattern($1, uucpd_spool_t, uucpd_spool_t)
')
########################################
@@ -58,7 +58,7 @@ interface(`uucp_domtrans_uux',`
type uux_t, uux_exec_t;
')
- domtrans_pattern($1,uux_exec_t,uux_t)
+ domtrans_pattern($1, uux_exec_t, uux_t)
')
########################################
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index 817b564..127887d 100644
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
-policy_module(uucp,1.7.0)
+policy_module(uucp, 1.7.0)
########################################
#
@@ -7,7 +7,7 @@ policy_module(uucp,1.7.0)
#
type uucpd_t;
type uucpd_exec_t;
-inetd_tcp_service_domain(uucpd_t,uucpd_exec_t)
+inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
role system_r types uucpd_t;
type uucpd_tmp_t;
@@ -30,7 +30,7 @@ logging_log_file(uucpd_log_t)
type uux_t;
type uux_exec_t;
-application_domain(uux_t,uux_exec_t)
+application_domain(uux_t, uux_exec_t)
role system_r types uux_t;
########################################
@@ -45,25 +45,25 @@ allow uucpd_t self:udp_socket create_socket_perms;
allow uucpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow uucpd_t uucpd_log_t:dir setattr;
-manage_files_pattern(uucpd_t,uucpd_log_t,uucpd_log_t)
-logging_log_filetrans(uucpd_t,uucpd_log_t,{ file dir })
+manage_files_pattern(uucpd_t, uucpd_log_t, uucpd_log_t)
+logging_log_filetrans(uucpd_t, uucpd_log_t, { file dir })
allow uucpd_t uucpd_ro_t:dir list_dir_perms;
-read_files_pattern(uucpd_t,uucpd_ro_t,uucpd_ro_t)
-read_lnk_files_pattern(uucpd_t,uucpd_ro_t,uucpd_ro_t)
+read_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
+read_lnk_files_pattern(uucpd_t, uucpd_ro_t, uucpd_ro_t)
-manage_dirs_pattern(uucpd_t,uucpd_rw_t,uucpd_rw_t)
-manage_files_pattern(uucpd_t,uucpd_rw_t,uucpd_rw_t)
-manage_lnk_files_pattern(uucpd_t,uucpd_rw_t,uucpd_rw_t)
+manage_dirs_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
+manage_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
+manage_lnk_files_pattern(uucpd_t, uucpd_rw_t, uucpd_rw_t)
uucp_manage_spool(uucpd_t)
-manage_dirs_pattern(uucpd_t,uucpd_tmp_t,uucpd_tmp_t)
-manage_files_pattern(uucpd_t,uucpd_tmp_t,uucpd_tmp_t)
+manage_dirs_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
+manage_files_pattern(uucpd_t, uucpd_tmp_t, uucpd_tmp_t)
files_tmp_filetrans(uucpd_t, uucpd_tmp_t, { file dir })
-manage_files_pattern(uucpd_t,uucpd_var_run_t,uucpd_var_run_t)
-files_pid_filetrans(uucpd_t,uucpd_var_run_t,file)
+manage_files_pattern(uucpd_t, uucpd_var_run_t, uucpd_var_run_t)
+files_pid_filetrans(uucpd_t, uucpd_var_run_t, file)
kernel_read_kernel_sysctls(uucpd_t)
kernel_read_system_state(uucpd_t)
diff --git a/policy/modules/services/uwimap.if b/policy/modules/services/uwimap.if
index 3623f97..4334b28 100644
--- a/policy/modules/services/uwimap.if
+++ b/policy/modules/services/uwimap.if
@@ -16,5 +16,5 @@ interface(`uwimap_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,imapd_exec_t,imapd_t)
+ domtrans_pattern($1, imapd_exec_t, imapd_t)
')
diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te
index e30ba4e..2d885ba 100644
--- a/policy/modules/services/watchdog.te
+++ b/policy/modules/services/watchdog.te
@@ -8,7 +8,7 @@ policy_module(watchdog, 1.5.0)
type watchdog_t;
type watchdog_exec_t;
-init_daemon_domain(watchdog_t,watchdog_exec_t)
+init_daemon_domain(watchdog_t, watchdog_exec_t)
type watchdog_log_t;
logging_log_file(watchdog_log_t)
@@ -30,10 +30,10 @@ allow watchdog_t self:tcp_socket create_stream_socket_perms;
allow watchdog_t self:udp_socket create_socket_perms;
allow watchdog_t watchdog_log_t:file manage_file_perms;
-logging_log_filetrans(watchdog_t,watchdog_log_t,file)
+logging_log_filetrans(watchdog_t, watchdog_log_t, file)
-manage_files_pattern(watchdog_t,watchdog_var_run_t,watchdog_var_run_t)
-files_pid_filetrans(watchdog_t,watchdog_var_run_t,file)
+manage_files_pattern(watchdog_t, watchdog_var_run_t, watchdog_var_run_t)
+files_pid_filetrans(watchdog_t, watchdog_var_run_t, file)
kernel_read_system_state(watchdog_t)
kernel_read_kernel_sysctls(watchdog_t)
diff --git a/policy/modules/services/xfs.if b/policy/modules/services/xfs.if
index 9513df3..aa6e5a8 100644
--- a/policy/modules/services/xfs.if
+++ b/policy/modules/services/xfs.if
@@ -16,7 +16,7 @@ interface(`xfs_read_sockets',`
')
files_search_tmp($1)
- read_sock_files_pattern($1,xfs_tmp_t,xfs_tmp_t)
+ read_sock_files_pattern($1, xfs_tmp_t, xfs_tmp_t)
')
########################################
@@ -36,7 +36,7 @@ interface(`xfs_stream_connect',`
')
files_search_tmp($1)
- stream_connect_pattern($1,xfs_tmp_t,xfs_tmp_t,xfs_t)
+ stream_connect_pattern($1, xfs_tmp_t, xfs_tmp_t, xfs_t)
')
########################################
@@ -55,5 +55,5 @@ interface(`xfs_exec',`
type xfs_exec_t;
')
- can_exec($1,xfs_exec_t)
+ can_exec($1, xfs_exec_t)
')
diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te
index f1c775c..2a2939c 100644
--- a/policy/modules/services/xfs.te
+++ b/policy/modules/services/xfs.te
@@ -8,7 +8,7 @@ policy_module(xfs, 1.4.0)
type xfs_t;
type xfs_exec_t;
-init_daemon_domain(xfs_t,xfs_exec_t)
+init_daemon_domain(xfs_t, xfs_exec_t)
type xfs_tmp_t;
files_tmp_file(xfs_tmp_t)
@@ -28,12 +28,12 @@ allow xfs_t self:unix_stream_socket create_stream_socket_perms;
allow xfs_t self:unix_dgram_socket create_socket_perms;
allow xfs_t self:tcp_socket create_stream_socket_perms;
-manage_dirs_pattern(xfs_t,xfs_tmp_t,xfs_tmp_t)
-manage_sock_files_pattern(xfs_t,xfs_tmp_t,xfs_tmp_t)
+manage_dirs_pattern(xfs_t, xfs_tmp_t, xfs_tmp_t)
+manage_sock_files_pattern(xfs_t, xfs_tmp_t, xfs_tmp_t)
files_tmp_filetrans(xfs_t, xfs_tmp_t, { sock_file dir })
-manage_files_pattern(xfs_t,xfs_var_run_t,xfs_var_run_t)
-files_pid_filetrans(xfs_t,xfs_var_run_t,file)
+manage_files_pattern(xfs_t, xfs_var_run_t, xfs_var_run_t)
+files_pid_filetrans(xfs_t, xfs_var_run_t, file)
kernel_read_kernel_sysctls(xfs_t)
kernel_read_system_state(xfs_t)
@@ -80,7 +80,7 @@ xfs_exec(xfs_t)
ifdef(`distro_debian',`
# for /tmp/.font-unix/fs7100
- init_script_tmp_filetrans(xfs_t,xfs_tmp_t,sock_file)
+ init_script_tmp_filetrans(xfs_t, xfs_tmp_t, sock_file)
')
optional_policy(`
diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te
index b12103d..9026f57 100644
--- a/policy/modules/services/xprint.te
+++ b/policy/modules/services/xprint.te
@@ -8,7 +8,7 @@ policy_module(xprint, 1.5.0)
type xprint_t;
type xprint_exec_t;
-init_daemon_domain(xprint_t,xprint_exec_t)
+init_daemon_domain(xprint_t, xprint_exec_t)
type xprint_var_run_t;
files_pid_file(xprint_var_run_t)
@@ -24,8 +24,8 @@ allow xprint_t self:fifo_file rw_file_perms;
allow xprint_t self:tcp_socket create_stream_socket_perms;
allow xprint_t self:udp_socket create_socket_perms;
-manage_files_pattern(xprint_t,xprint_var_run_t,xprint_var_run_t)
-files_pid_filetrans(xprint_t,xprint_var_run_t,file)
+manage_files_pattern(xprint_t, xprint_var_run_t, xprint_var_run_t)
+files_pid_filetrans(xprint_t, xprint_var_run_t, file)
kernel_read_system_state(xprint_t)
kernel_read_kernel_sysctls(xprint_t)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 6037a2f..8300c4e 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -34,7 +34,7 @@ template(`xserver_common_domain_template',`
type $1_xserver_t, x_server_domain;
domain_type($1_xserver_t)
- domain_entry_file($1_xserver_t,xserver_exec_t)
+ domain_entry_file($1_xserver_t, xserver_exec_t)
type $1_xserver_tmp_t;
files_tmp_file($1_xserver_tmp_t)
@@ -71,27 +71,27 @@ template(`xserver_common_domain_template',`
allow $1_xserver_t self:tcp_socket create_stream_socket_perms;
allow $1_xserver_t self:udp_socket create_socket_perms;
- manage_dirs_pattern($1_xserver_t,$1_xserver_tmp_t,$1_xserver_tmp_t)
- manage_files_pattern($1_xserver_t,$1_xserver_tmp_t,$1_xserver_tmp_t)
- manage_sock_files_pattern($1_xserver_t,$1_xserver_tmp_t,$1_xserver_tmp_t)
+ manage_dirs_pattern($1_xserver_t, $1_xserver_tmp_t, $1_xserver_tmp_t)
+ manage_files_pattern($1_xserver_t, $1_xserver_tmp_t, $1_xserver_tmp_t)
+ manage_sock_files_pattern($1_xserver_t, $1_xserver_tmp_t, $1_xserver_tmp_t)
files_tmp_filetrans($1_xserver_t, $1_xserver_tmp_t, { file dir sock_file })
- filetrans_pattern($1_xserver_t,xdm_xserver_tmp_t,$1_xserver_tmp_t,sock_file)
+ filetrans_pattern($1_xserver_t, xdm_xserver_tmp_t, $1_xserver_tmp_t, sock_file)
- manage_dirs_pattern($1_xserver_t,$1_xserver_tmpfs_t,$1_xserver_tmpfs_t)
- manage_files_pattern($1_xserver_t,$1_xserver_tmpfs_t,$1_xserver_tmpfs_t)
- manage_lnk_files_pattern($1_xserver_t,$1_xserver_tmpfs_t,$1_xserver_tmpfs_t)
- manage_fifo_files_pattern($1_xserver_t,$1_xserver_tmpfs_t,$1_xserver_tmpfs_t)
- manage_sock_files_pattern($1_xserver_t,$1_xserver_tmpfs_t,$1_xserver_tmpfs_t)
- fs_tmpfs_filetrans($1_xserver_t,$1_xserver_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ manage_dirs_pattern($1_xserver_t, $1_xserver_tmpfs_t, $1_xserver_tmpfs_t)
+ manage_files_pattern($1_xserver_t, $1_xserver_tmpfs_t, $1_xserver_tmpfs_t)
+ manage_lnk_files_pattern($1_xserver_t, $1_xserver_tmpfs_t, $1_xserver_tmpfs_t)
+ manage_fifo_files_pattern($1_xserver_t, $1_xserver_tmpfs_t, $1_xserver_tmpfs_t)
+ manage_sock_files_pattern($1_xserver_t, $1_xserver_tmpfs_t, $1_xserver_tmpfs_t)
+ fs_tmpfs_filetrans($1_xserver_t, $1_xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
- manage_files_pattern($1_xserver_t,xkb_var_lib_t,xkb_var_lib_t)
- manage_lnk_files_pattern($1_xserver_t,xkb_var_lib_t,xkb_var_lib_t)
+ manage_files_pattern($1_xserver_t, xkb_var_lib_t, xkb_var_lib_t)
+ manage_lnk_files_pattern($1_xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib($1_xserver_t)
# Create files in /var/log with the xserver_log_t type.
- manage_files_pattern($1_xserver_t,xserver_log_t,xserver_log_t)
- logging_log_filetrans($1_xserver_t,xserver_log_t,file)
+ manage_files_pattern($1_xserver_t, xserver_log_t, xserver_log_t)
+ logging_log_filetrans($1_xserver_t, xserver_log_t, file)
# Labeling rules for default windows and colormaps
type_transition $1_xserver_t $1_xserver_t:{ x_drawable x_colormap } $1_rootwindow_t;
@@ -281,31 +281,31 @@ template(`xserver_per_role_template',`
role $3 types $1_xserver_t;
type $1_fonts_t, fonts_type;
- userdom_user_home_content($1,$1_fonts_t)
+ userdom_user_home_content($1, $1_fonts_t)
type $1_fonts_cache_t, fonts_cache_type;
- userdom_user_home_content($1,$1_fonts_cache_t)
+ userdom_user_home_content($1, $1_fonts_cache_t)
type $1_fonts_config_t, fonts_config_type;
- userdom_user_home_content($1,$1_fonts_cache_t)
+ userdom_user_home_content($1, $1_fonts_cache_t)
type $1_iceauth_t;
domain_type($1_iceauth_t)
- domain_entry_file($1_iceauth_t,iceauth_exec_t)
+ domain_entry_file($1_iceauth_t, iceauth_exec_t)
role $3 types $1_iceauth_t;
type $1_iceauth_home_t alias $1_iceauth_rw_t;
files_poly_member($1_iceauth_home_t)
- userdom_user_home_content($1,$1_iceauth_home_t)
+ userdom_user_home_content($1, $1_iceauth_home_t)
type $1_xauth_t;
domain_type($1_xauth_t)
- domain_entry_file($1_xauth_t,xauth_exec_t)
+ domain_entry_file($1_xauth_t, xauth_exec_t)
role $3 types $1_xauth_t;
type $1_xauth_home_t alias $1_xauth_rw_t, xauth_home_type;
files_poly_member($1_xauth_home_t)
- userdom_user_home_content($1,$1_xauth_home_t)
+ userdom_user_home_content($1, $1_xauth_home_t)
type $1_xauth_tmp_t;
files_tmp_file($1_xauth_tmp_t)
@@ -324,19 +324,19 @@ template(`xserver_per_role_template',`
allow $1_xserver_t $2:shm rw_shm_perms;
- manage_dirs_pattern($2,$1_fonts_t,$1_fonts_t)
- manage_files_pattern($2,$1_fonts_t,$1_fonts_t)
- relabel_dirs_pattern($2,$1_fonts_t,$1_fonts_t)
- relabel_files_pattern($2,$1_fonts_t,$1_fonts_t)
+ manage_dirs_pattern($2, $1_fonts_t, $1_fonts_t)
+ manage_files_pattern($2, $1_fonts_t, $1_fonts_t)
+ relabel_dirs_pattern($2, $1_fonts_t, $1_fonts_t)
+ relabel_files_pattern($2, $1_fonts_t, $1_fonts_t)
- manage_dirs_pattern($2,$1_fonts_config_t,$1_fonts_config_t)
- manage_files_pattern($2,$1_fonts_config_t,$1_fonts_config_t)
- relabel_files_pattern($2,$1_fonts_config_t,$1_fonts_config_t)
+ manage_dirs_pattern($2, $1_fonts_config_t, $1_fonts_config_t)
+ manage_files_pattern($2, $1_fonts_config_t, $1_fonts_config_t)
+ relabel_files_pattern($2, $1_fonts_config_t, $1_fonts_config_t)
# For startup relabel
allow $2 $1_fonts_cache_t:{ dir file } { relabelto relabelfrom };
- stream_connect_pattern($2,$1_xserver_tmp_t,$1_xserver_tmp_t,$1_xserver_t)
+ stream_connect_pattern($2, $1_xserver_tmp_t, $1_xserver_tmp_t, $1_xserver_t)
allow $2 $1_xserver_tmpfs_t:file rw_file_perms;
@@ -348,12 +348,12 @@ template(`xserver_per_role_template',`
locallogin_use_fds($1_xserver_t)
- userdom_search_user_home_dirs($1,$1_xserver_t)
- userdom_use_user_ttys($1,$1_xserver_t)
- userdom_setattr_user_ttys($1,$1_xserver_t)
- userdom_rw_user_tmpfs_files($1,$1_xserver_t)
+ userdom_search_user_home_dirs($1, $1_xserver_t)
+ userdom_use_user_ttys($1, $1_xserver_t)
+ userdom_setattr_user_ttys($1, $1_xserver_t)
+ userdom_rw_user_tmpfs_files($1, $1_xserver_t)
- xserver_use_user_fonts($1,$1_xserver_t)
+ xserver_use_user_fonts($1, $1_xserver_t)
xserver_rw_xdm_tmp_files($1_xauth_t)
optional_policy(`
@@ -376,10 +376,10 @@ template(`xserver_per_role_template',`
allow $1_xauth_t self:unix_stream_socket create_stream_socket_perms;
allow $1_xauth_t $1_xauth_home_t:file manage_file_perms;
- userdom_user_home_dir_filetrans($1,$1_xauth_t,$1_xauth_home_t,file)
+ userdom_user_home_dir_filetrans($1, $1_xauth_t, $1_xauth_home_t,file)
- manage_dirs_pattern($1_xauth_t,$1_xauth_tmp_t,$1_xauth_tmp_t)
- manage_files_pattern($1_xauth_t,$1_xauth_tmp_t,$1_xauth_tmp_t)
+ manage_dirs_pattern($1_xauth_t, $1_xauth_tmp_t, $1_xauth_tmp_t)
+ manage_files_pattern($1_xauth_t, $1_xauth_tmp_t, $1_xauth_tmp_t)
files_tmp_filetrans($1_xauth_t, $1_xauth_tmp_t, { file dir })
domtrans_pattern($2, xauth_exec_t, $1_xauth_t)
@@ -393,7 +393,7 @@ template(`xserver_per_role_template',`
allow $2 $1_xauth_home_t:file { relabelfrom relabelto };
allow xdm_t $1_xauth_home_t:file manage_file_perms;
- userdom_user_home_dir_filetrans($1,xdm_t,$1_xauth_home_t,file)
+ userdom_user_home_dir_filetrans($1, xdm_t, $1_xauth_home_t, file)
domain_use_interactive_fds($1_xauth_t)
@@ -411,8 +411,8 @@ template(`xserver_per_role_template',`
libs_use_ld_so($1_xauth_t)
libs_use_shared_libs($1_xauth_t)
- userdom_use_user_terminals($1,$1_xauth_t)
- userdom_read_user_tmp_files($1,$1_xauth_t)
+ userdom_use_user_terminals($1, $1_xauth_t)
+ userdom_read_user_tmp_files($1, $1_xauth_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_xauth_t)
@@ -436,10 +436,10 @@ template(`xserver_per_role_template',`
domtrans_pattern($2, iceauth_exec_t, $1_iceauth_t)
allow $1_iceauth_t $1_iceauth_home_t:file manage_file_perms;
- userdom_user_home_dir_filetrans($1,$1_iceauth_t,$1_iceauth_home_t,file)
+ userdom_user_home_dir_filetrans($1, $1_iceauth_t, $1_iceauth_home_t, file)
# allow ps to show iceauth
- ps_process_pattern($2,$1_iceauth_t)
+ ps_process_pattern($2, $1_iceauth_t)
allow $2 $1_iceauth_home_t:file manage_file_perms;
allow $2 $1_iceauth_home_t:file { relabelfrom relabelto };
@@ -451,7 +451,7 @@ template(`xserver_per_role_template',`
libs_use_ld_so($1_iceauth_t)
libs_use_shared_libs($1_iceauth_t)
- userdom_use_user_terminals($1,$1_iceauth_t)
+ userdom_use_user_terminals($1, $1_iceauth_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_iceauth_t)
@@ -500,7 +500,7 @@ template(`xserver_per_role_template',`
mls_xwin_read_to_clearance($1_xserver_t)
- xserver_common_x_domain_template($1,$1,$2)
+ xserver_common_x_domain_template($1, $1, $2)
')
#######################################
@@ -579,7 +579,7 @@ template(`xserver_rw_session_template',`
type $1_xserver_t, $1_xserver_tmpfs_t;
')
- xserver_ro_session_template($1,$2,$3)
+ xserver_ro_session_template($1, $2, $3)
allow $2 $1_xserver_t:shm rw_shm_perms;
allow $2 $1_xserver_tmpfs_t:file rw_file_perms;
')
@@ -633,13 +633,13 @@ template(`xserver_user_client_template',`
miscfiles_read_fonts($2)
- userdom_search_user_home_dirs($1,$2)
+ userdom_search_user_home_dirs($1, $2)
# for .xsession-errors
- userdom_dontaudit_write_user_home_content_files($1,$2)
+ userdom_dontaudit_write_user_home_content_files($1, $2)
- xserver_ro_session_template(xdm,$2,$3)
- xserver_rw_session_template($1,$2,$3)
- xserver_use_user_fonts($1,$2)
+ xserver_ro_session_template(xdm, $2, $3)
+ xserver_rw_session_template($1, $2, $3)
+ xserver_use_user_fonts($1, $2)
xserver_read_xdm_tmp_files($2)
@@ -903,18 +903,18 @@ template(`xserver_user_x_domain_template',`
miscfiles_read_fonts($3)
- userdom_search_user_home_dirs($1,$3)
+ userdom_search_user_home_dirs($1, $3)
# for .xsession-errors
- userdom_dontaudit_write_user_home_content_files($1,$3)
+ userdom_dontaudit_write_user_home_content_files($1, $3)
- xserver_ro_session_template(xdm,$3,$4)
- xserver_rw_session_template($1,$3,$4)
- xserver_use_user_fonts($1,$3)
+ xserver_ro_session_template(xdm, $3, $4)
+ xserver_rw_session_template($1, $3, $4)
+ xserver_use_user_fonts($1, $3)
xserver_read_xdm_tmp_files($3)
# X object manager
- xserver_common_x_domain_template($1,$2,$3)
+ xserver_common_x_domain_template($1, $2, $3)
# Client write xserver shm
tunable_policy(`allow_write_xshm',`
@@ -960,14 +960,14 @@ template(`xserver_use_user_fonts',`
allow $2 $1_fonts_t:file read_file_perms;
# Manipulate the global font cache
- manage_dirs_pattern($2,$1_fonts_cache_t,$1_fonts_cache_t)
- manage_files_pattern($2,$1_fonts_cache_t,$1_fonts_cache_t)
+ manage_dirs_pattern($2, $1_fonts_cache_t, $1_fonts_cache_t)
+ manage_files_pattern($2, $1_fonts_cache_t, $1_fonts_cache_t)
# Read per user font config
allow $2 $1_fonts_config_t:dir list_dir_perms;
allow $2 $1_fonts_config_t:file read_file_perms;
- userdom_search_user_home_dirs($1,$2)
+ userdom_search_user_home_dirs($1, $2)
')
########################################
@@ -1057,8 +1057,8 @@ interface(`xserver_use_all_users_fonts',`
allow $1 fonts_type:file read_file_perms;
# Manipulate the global font cache
- manage_dirs_pattern($1,fonts_cache_type,fonts_cache_type)
- manage_files_pattern($1,fonts_cache_type,fonts_cache_type)
+ manage_dirs_pattern($1, fonts_cache_type, fonts_cache_type)
+ manage_files_pattern($1, fonts_cache_type, fonts_cache_type)
# Read per user font config
allow $1 fonts_config_type:dir list_dir_perms;
@@ -1214,7 +1214,7 @@ interface(`xserver_stream_connect_xdm',`
')
files_search_tmp($1)
- stream_connect_pattern($1,xdm_tmp_t,xdm_tmp_t,xdm_t)
+ stream_connect_pattern($1, xdm_tmp_t, xdm_tmp_t, xdm_t)
')
########################################
@@ -1272,7 +1272,7 @@ interface(`xserver_create_xdm_tmp_sockets',`
files_search_tmp($1)
allow $1 xdm_tmp_t:dir list_dir_perms;
- create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
+ create_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
')
########################################
@@ -1328,7 +1328,7 @@ interface(`xserver_domtrans_xdm_xserver',`
')
allow $1 xdm_xserver_t:process siginh;
- domtrans_pattern($1,xserver_exec_t,xdm_xserver_t)
+ domtrans_pattern($1, xserver_exec_t, xdm_xserver_t)
')
########################################
@@ -1346,7 +1346,7 @@ interface(`xserver_xsession_entry_type',`
type xsession_exec_t;
')
- domain_entry_file($1,xsession_exec_t)
+ domain_entry_file($1, xsession_exec_t)
')
########################################
@@ -1383,7 +1383,7 @@ interface(`xserver_xsession_spec_domtrans',`
type xsession_exec_t;
')
- domain_trans($1,xsession_exec_t,$2)
+ domain_trans($1, xsession_exec_t, $2)
')
########################################
@@ -1442,8 +1442,8 @@ interface(`xserver_delete_log',`
logging_search_logs($1)
allow $1 xserver_log_t:dir list_dir_perms;
- delete_files_pattern($1,xserver_log_t,xserver_log_t)
- delete_fifo_files_pattern($1,xserver_log_t,xserver_log_t)
+ delete_files_pattern($1, xserver_log_t, xserver_log_t)
+ delete_fifo_files_pattern($1, xserver_log_t, xserver_log_t)
')
########################################
@@ -1463,8 +1463,8 @@ interface(`xserver_read_xkb_libs',`
files_search_var_lib($1)
allow $1 xkb_var_lib_t:dir list_dir_perms;
- read_files_pattern($1,xkb_var_lib_t,xkb_var_lib_t)
- read_lnk_files_pattern($1,xkb_var_lib_t,xkb_var_lib_t)
+ read_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
+ read_lnk_files_pattern($1, xkb_var_lib_t, xkb_var_lib_t)
')
########################################
@@ -1501,7 +1501,7 @@ interface(`xserver_read_xdm_tmp_files',`
')
files_search_tmp($1)
- read_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
+ read_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
')
########################################
@@ -1557,7 +1557,7 @@ interface(`xserver_manage_xdm_tmp_files',`
type xdm_tmp_t;
')
- manage_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
+ manage_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
')
########################################
@@ -1669,7 +1669,7 @@ interface(`xserver_stream_connect_xdm_xserver',`
')
files_search_tmp($1)
- stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
+ stream_connect_pattern($1, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
')
########################################
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 99418fc..01757d4 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -12,21 +12,21 @@ policy_module(xserver, 2.1.0)
## memory segments.
##
##
-gen_tunable(allow_write_xshm,false)
+gen_tunable(allow_write_xshm, false)
##
##
## Allow xdm logins as sysadm
##
##
-gen_tunable(xdm_sysadm_login,false)
+gen_tunable(xdm_sysadm_login, false)
##
##
## Support X userspace object manager
##
##
-gen_tunable(xserver_object_manager,false)
+gen_tunable(xserver_object_manager, false)
attribute fonts_type;
attribute fonts_cache_type;
@@ -85,8 +85,8 @@ files_associate_tmp(xconsole_device_t)
type xdm_t;
type xdm_exec_t;
auth_login_pgm_domain(xdm_t)
-init_domain(xdm_t,xdm_exec_t)
-init_daemon_domain(xdm_t,xdm_exec_t)
+init_domain(xdm_t, xdm_exec_t)
+init_daemon_domain(xdm_t, xdm_exec_t)
type xdm_lock_t;
files_lock_file(xdm_lock_t)
@@ -123,8 +123,8 @@ type xserver_log_t;
logging_log_file(xserver_log_t)
xserver_common_domain_template(xdm)
-xserver_common_x_domain_template(xdm,xdm,xdm_t)
-init_system_domain(xdm_xserver_t,xserver_exec_t)
+xserver_common_x_domain_template(xdm, xdm, xdm_t)
+init_system_domain(xdm_xserver_t, xserver_exec_t)
ifdef(`enable_mcs',`
init_ranged_domain(xdm_t,xdm_exec_t,s0 - mcs_systemhigh)
@@ -159,32 +159,32 @@ allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
can_exec(xdm_t, xdm_exec_t)
allow xdm_t xdm_lock_t:file manage_file_perms;
-files_lock_filetrans(xdm_t,xdm_lock_t,file)
+files_lock_filetrans(xdm_t, xdm_lock_t, file)
# wdm has its own config dir /etc/X11/wdm
# this is ugly, daemons should not create files under /etc!
-manage_files_pattern(xdm_t,xdm_rw_etc_t,xdm_rw_etc_t)
+manage_files_pattern(xdm_t, xdm_rw_etc_t, xdm_rw_etc_t)
-manage_dirs_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t)
-manage_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t)
-manage_sock_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t)
+manage_dirs_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
+manage_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
+manage_sock_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file })
-manage_dirs_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
-manage_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
-manage_lnk_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
-manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
-manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
-fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
+manage_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
+manage_lnk_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
+manage_fifo_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
+manage_sock_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
+fs_tmpfs_filetrans(xdm_t, xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-manage_dirs_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
-manage_files_pattern(xdm_t,xdm_var_lib_t,xdm_var_lib_t)
-files_var_lib_filetrans(xdm_t,xdm_var_lib_t,file)
+manage_dirs_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
+manage_files_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
+files_var_lib_filetrans(xdm_t, xdm_var_lib_t, file)
-manage_dirs_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
-manage_files_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
-manage_fifo_files_pattern(xdm_t,xdm_var_run_t,xdm_var_run_t)
-files_pid_filetrans(xdm_t,xdm_var_run_t,{ dir file fifo_file })
+manage_dirs_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
+manage_files_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
+manage_fifo_files_pattern(xdm_t, xdm_var_run_t, xdm_var_run_t)
+files_pid_filetrans(xdm_t, xdm_var_run_t, { dir file fifo_file })
allow xdm_t xdm_xserver_t:process signal;
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
@@ -200,16 +200,16 @@ allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill }
allow xdm_t xdm_xserver_t:shm rw_shm_perms;
# connect to xdm xserver over stream socket
-stream_connect_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
+stream_connect_pattern(xdm_t, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
# Remove /tmp/.X11-unix/X0.
-delete_files_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t)
-delete_sock_files_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t)
+delete_files_pattern(xdm_t, xdm_xserver_tmp_t, xdm_xserver_tmp_t)
+delete_sock_files_pattern(xdm_t, xdm_xserver_tmp_t, xdm_xserver_tmp_t)
-manage_dirs_pattern(xdm_t,xserver_log_t,xserver_log_t)
-manage_files_pattern(xdm_t,xserver_log_t,xserver_log_t)
-manage_fifo_files_pattern(xdm_t,xserver_log_t,xserver_log_t)
-logging_log_filetrans(xdm_t,xserver_log_t,file)
+manage_dirs_pattern(xdm_t, xserver_log_t, xserver_log_t)
+manage_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
+manage_fifo_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
+logging_log_filetrans(xdm_t, xserver_log_t, file)
kernel_read_system_state(xdm_t)
kernel_read_kernel_sysctls(xdm_t)
@@ -317,7 +317,7 @@ userdom_signal_all_users(xdm_t)
sysadm_dontaudit_search_home_dirs(xdm_t)
-xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
+xserver_rw_session_template(xdm, xdm_t, xdm_tmpfs_t)
xserver_unconfined(xdm_t)
tunable_policy(`use_nfs_home_dirs',`
@@ -430,9 +430,9 @@ dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
allow xdm_xserver_t xdm_var_run_t:file { getattr read };
# Label pid and temporary files with derived types.
-manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-manage_lnk_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-manage_sock_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
+manage_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
+manage_lnk_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
+manage_sock_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
# Run xkbcomp.
allow xdm_xserver_t xkb_var_lib_t:lnk_file read;
diff --git a/policy/modules/services/zabbix.if b/policy/modules/services/zabbix.if
index 0f87847..7a83ada 100644
--- a/policy/modules/services/zabbix.if
+++ b/policy/modules/services/zabbix.if
@@ -15,7 +15,7 @@ interface(`zabbix_domtrans',`
type zabbix_t, zabbix_exec_t;
')
- domtrans_pattern($1,zabbix_exec_t,zabbix_t)
+ domtrans_pattern($1, zabbix_exec_t, zabbix_t)
')
########################################
@@ -35,7 +35,7 @@ interface(`zabbix_read_log',`
')
logging_search_logs($1)
- read_files_pattern($1,zabbix_log_t,zabbix_log_t)
+ read_files_pattern($1, zabbix_log_t, zabbix_log_t)
')
########################################
@@ -55,7 +55,7 @@ interface(`zabbix_append_log',`
')
logging_search_logs($1)
- append_files_pattern($1,zabbix_log_t,zabbix_log_t)
+ append_files_pattern($1, zabbix_log_t, zabbix_log_t)
')
########################################
diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
index 3bbed20..370d5f2 100644
--- a/policy/modules/services/zabbix.te
+++ b/policy/modules/services/zabbix.te
@@ -1,5 +1,5 @@
-policy_module(zabbix,1.1.0)
+policy_module(zabbix, 1.1.0)
########################################
#
@@ -29,12 +29,12 @@ allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
# log files
allow zabbix_t zabbix_log_t:dir setattr;
-manage_files_pattern(zabbix_t,zabbix_log_t,zabbix_log_t)
-logging_log_filetrans(zabbix_t,zabbix_log_t,file)
+manage_files_pattern(zabbix_t, zabbix_log_t, zabbix_log_t)
+logging_log_filetrans(zabbix_t, zabbix_log_t, file)
# pid file
-manage_files_pattern(zabbix_t,zabbix_var_run_t,zabbix_var_run_t)
-files_pid_filetrans(zabbix_t,zabbix_var_run_t, file)
+manage_files_pattern(zabbix_t, zabbix_var_run_t, zabbix_var_run_t)
+files_pid_filetrans(zabbix_t, zabbix_var_run_t, file)
files_read_etc_files(zabbix_t)
diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
index 751ccb0..5b29a09 100644
--- a/policy/modules/services/zebra.te
+++ b/policy/modules/services/zebra.te
@@ -47,7 +47,7 @@ allow zebra_t self:udp_socket create_socket_perms;
allow zebra_t self:rawip_socket create_socket_perms;
allow zebra_t zebra_conf_t:dir list_dir_perms;
-read_files_pattern(zebra_t,zebra_conf_t,zebra_conf_t)
+read_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
read_lnk_files_pattern(zebra_t, zebra_conf_t, zebra_conf_t)
allow zebra_t zebra_log_t:dir setattr;
@@ -57,7 +57,7 @@ logging_log_filetrans(zebra_t, zebra_log_t, { sock_file file dir })
# /tmp/.bgpd is such a bad idea!
allow zebra_t zebra_tmp_t:sock_file manage_sock_file_perms;
-files_tmp_filetrans(zebra_t,zebra_tmp_t,sock_file)
+files_tmp_filetrans(zebra_t, zebra_tmp_t, sock_file)
manage_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)
manage_sock_files_pattern(zebra_t, zebra_var_run_t, zebra_var_run_t)