diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index 668cc49..78eb5d4 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -97,8 +97,8 @@ allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
-manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
-manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
+manage_dirs_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
+manage_files_pattern(amanda_t, amanda_var_lib_t, amanda_var_lib_t)
manage_files_pattern(amanda_t, amanda_log_t, amanda_log_t)
manage_dirs_pattern(amanda_t, amanda_log_t, amanda_log_t)
diff --git a/policy/modules/admin/dpkg.if b/policy/modules/admin/dpkg.if
index 560d021..c9a03ff 100644
--- a/policy/modules/admin/dpkg.if
+++ b/policy/modules/admin/dpkg.if
@@ -38,7 +38,7 @@ interface(`dpkg_domtrans_script',`
')
# transition to dpkg script:
- corecmd_shell_domtrans($1,dpkg_script_t)
+ corecmd_shell_domtrans($1, dpkg_script_t)
allow dpkg_script_t $1:fd use;
allow dpkg_script_t $1:fifo_file rw_file_perms;
allow dpkg_script_t $1:process sigchld;
diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te
index d393751..dfc2e4a 100644
--- a/policy/modules/admin/kudzu.te
+++ b/policy/modules/admin/kudzu.te
@@ -89,7 +89,7 @@ files_search_var(kudzu_t)
files_search_locks(kudzu_t)
files_manage_etc_files(kudzu_t)
files_manage_etc_runtime_files(kudzu_t)
-files_etc_filetrans_etc_runtime(kudzu_t,file)
+files_etc_filetrans_etc_runtime(kudzu_t, file)
files_manage_mnt_files(kudzu_t)
files_manage_mnt_symlinks(kudzu_t)
files_dontaudit_search_src(kudzu_t)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index fe696de..402cb7f 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -132,7 +132,7 @@ ifdef(`distro_debian', `
# for syslogd-listfiles
logging_read_syslog_config(logrotate_t)
- # for "test -x /sbin/syslogd"
+ # for "test -x /sbin/syslogd"
logging_check_exec_syslog(logrotate_t)
')
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
index cb86035..ade2bb0 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -34,7 +34,7 @@ manage_dirs_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
manage_files_pattern(logwatch_t, logwatch_cache_t, logwatch_cache_t)
allow logwatch_t logwatch_lock_t:file manage_file_perms;
-files_lock_filetrans(logwatch_t,logwatch_lock_t,file)
+files_lock_filetrans(logwatch_t, logwatch_lock_t, file)
manage_dirs_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
manage_files_pattern(logwatch_t, logwatch_tmp_t, logwatch_tmp_t)
diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te
index bd7d518..46c1f52 100644
--- a/policy/modules/admin/mrtg.te
+++ b/policy/modules/admin/mrtg.te
@@ -54,7 +54,7 @@ manage_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
manage_lnk_files_pattern(mrtg_t, mrtg_var_lib_t, mrtg_var_lib_t)
allow mrtg_t mrtg_var_run_t:file manage_file_perms;
-files_pid_filetrans(mrtg_t,mrtg_var_run_t,file)
+files_pid_filetrans(mrtg_t, mrtg_var_run_t, file)
kernel_read_system_state(mrtg_t)
kernel_read_network_state(mrtg_t)
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index b6547f3..83a36fc 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -99,7 +99,7 @@ interface(`portage_compile_domain',`
allow $1 self:dbus send_msg;
allow $1 portage_devpts_t:chr_file { rw_chr_file_perms setattr };
- term_create_pty($1,portage_devpts_t)
+ term_create_pty($1, portage_devpts_t)
# write compile logs
allow $1 portage_log_t:dir setattr;
diff --git a/policy/modules/admin/rpm.if b/policy/modules/admin/rpm.if
index 36f9fa8..c7b136a 100644
--- a/policy/modules/admin/rpm.if
+++ b/policy/modules/admin/rpm.if
@@ -36,7 +36,7 @@ interface(`rpm_domtrans_script',`
')
# transition to rpm script:
- corecmd_shell_domtrans($1,rpm_script_t)
+ corecmd_shell_domtrans($1, rpm_script_t)
allow rpm_script_t $1:fd use;
allow rpm_script_t $1:fifo_file rw_file_perms;
allow rpm_script_t $1:process sigchld;
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 6c82b49..6c779dc 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -166,7 +166,7 @@ template(`su_role_template',`
')
type $1_su_t, su_domain_type;
- domain_entry_file($1_su_t,su_exec_t)
+ domain_entry_file($1_su_t, su_exec_t)
domain_type($1_su_t)
domain_interactive_fd($1_su_t)
ubac_constrained($1_su_t)
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
index a253e91..46f5394 100644
--- a/policy/modules/admin/sxid.te
+++ b/policy/modules/admin/sxid.te
@@ -29,7 +29,7 @@ allow sxid_t self:tcp_socket create_stream_socket_perms;
allow sxid_t self:udp_socket create_socket_perms;
allow sxid_t sxid_log_t:file manage_file_perms;
-logging_log_filetrans(sxid_t,sxid_log_t,file)
+logging_log_filetrans(sxid_t, sxid_log_t, file)
manage_dirs_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
manage_files_pattern(sxid_t, sxid_tmp_t, sxid_tmp_t)
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index ac4e7ff..508014f 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -49,7 +49,7 @@ files_tmp_file(sysadm_passwd_tmp_t)
type useradd_t;
type useradd_exec_t;
domain_obj_id_change_exemption(useradd_t)
-init_system_domain(useradd_t,useradd_exec_t)
+init_system_domain(useradd_t, useradd_exec_t)
role system_r types useradd_t;
########################################
@@ -210,7 +210,7 @@ files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
files_read_etc_runtime_files(groupadd_t)
-# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
+# Execute /usr/bin/{passwd, chfn, chsh} and /usr/sbin/{useradd, vipw}.
corecmd_exec_bin(groupadd_t)
logging_send_audit_msgs(groupadd_t)
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index 8e56d61..0361144 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -480,7 +480,7 @@ userdom_search_user_home_dirs(evolution_exchange_t)
# until properly implemented
userdom_dontaudit_read_user_home_content_files(evolution_exchange_t)
-xserver_user_x_domain_template(evolution_exchange,evolution_exchange_t, evolution_exchange_tmpfs_t)
+xserver_user_x_domain_template(evolution_exchange, evolution_exchange_t, evolution_exchange_tmpfs_t)
# Access evolution home
tunable_policy(`use_nfs_home_dirs',`
diff --git a/policy/modules/apps/mplayer.fc b/policy/modules/apps/mplayer.fc
index e1fe850..5a37c50 100644
--- a/policy/modules/apps/mplayer.fc
+++ b/policy/modules/apps/mplayer.fc
@@ -11,4 +11,4 @@
/usr/bin/vlc -- gen_context(system_u:object_r:mplayer_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
-HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)
+HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:mplayer_home_t,s0)
diff --git a/policy/modules/apps/mplayer.if b/policy/modules/apps/mplayer.if
index 1f9adca..c7ad0f5 100644
--- a/policy/modules/apps/mplayer.if
+++ b/policy/modules/apps/mplayer.if
@@ -67,12 +67,12 @@ interface(`mplayer_domtrans',`
########################################
##
-## Execute mplayer in the caller domain.
+## Execute mplayer in the caller domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
#
diff --git a/policy/modules/apps/slocate.if b/policy/modules/apps/slocate.if
index d8aec96..b7505a0 100644
--- a/policy/modules/apps/slocate.if
+++ b/policy/modules/apps/slocate.if
@@ -35,7 +35,7 @@ interface(`locate_read_lib_files',`
type locate_var_lib_t;
')
- read_files_pattern($1,locate_var_lib_t,locate_var_lib_t)
+ read_files_pattern($1, locate_var_lib_t, locate_var_lib_t)
allow $1 locate_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
')
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index 9a03cb6..0a1901a 100644
--- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te
@@ -54,7 +54,7 @@ corecmd_search_bin(wireshark_t)
manage_dirs_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
manage_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
manage_lnk_files_pattern(wireshark_t, wireshark_home_t, wireshark_home_t)
-userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t,dir)
+userdom_user_home_dir_filetrans(wireshark_t, wireshark_home_t, dir)
# Store temporary files
manage_dirs_pattern(wireshark_t, wireshark_tmp_t, wireshark_tmp_t)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 07d0a84..5052a09 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -74,7 +74,7 @@ ifdef(`distro_redhat',`
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
-/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
+/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
@@ -218,11 +218,11 @@ ifdef(`distro_gentoo',`
/usr/share/PackageKit/pk-upgrade-distro\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/PackageKit/helpers(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
@@ -241,8 +241,8 @@ ifdef(`distro_redhat', `
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
@@ -305,7 +305,7 @@ ifdef(`distro_suse', `
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
-/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
+/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 49f2e94..52bb593 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -70,7 +70,7 @@ interface(`corecmd_bin_entry_type',`
type bin_t;
')
- domain_entry_file($1,bin_t)
+ domain_entry_file($1, bin_t)
')
########################################
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7e624f8..96887cf 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -230,7 +230,7 @@ type netif_t, netif_type;
sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',`
-network_interface(lo, lo,s0 - mls_systemhigh)
+network_interface(lo, lo, s0 - mls_systemhigh)
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 7ddb8e2..a4bb416 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -68,8 +68,8 @@ interface(`dev_relabel_all_dev_nodes',`
relabelfrom_lnk_files_pattern($1, device_t, { device_t device_node })
relabelfrom_fifo_files_pattern($1, device_t, device_node)
relabelfrom_sock_files_pattern($1, device_t, device_node)
- relabel_blk_files_pattern($1,device_t,{ device_t device_node })
- relabel_chr_files_pattern($1,device_t,{ device_t device_node })
+ relabel_blk_files_pattern($1, device_t,{ device_t device_node })
+ relabel_chr_files_pattern($1, device_t,{ device_t device_node })
')
########################################
@@ -1247,7 +1247,7 @@ interface(`dev_create_cardmgr_dev',`
create_chr_files_pattern($1, device_t, cardmgr_dev_t)
create_blk_files_pattern($1, device_t, cardmgr_dev_t)
- filetrans_pattern($1,device_t, cardmgr_dev_t, { chr_file blk_file })
+ filetrans_pattern($1, device_t, cardmgr_dev_t, { chr_file blk_file })
')
########################################
@@ -1709,11 +1709,11 @@ interface(`dev_read_kvm',`
########################################
##
-## Read and write to kvm devices.
+## Read and write to kvm devices.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index d76b28b..87442ec 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -2138,7 +2138,7 @@ interface(`files_create_boot_flag',`
')
allow $1 etc_runtime_t:file manage_file_perms;
- filetrans_pattern($1,root_t,etc_runtime_t,file)
+ filetrans_pattern($1, root_t, etc_runtime_t, file)
')
########################################
@@ -4662,7 +4662,7 @@ interface(`files_rw_generic_pids',`
type var_t, var_run_t;
')
- list_dirs_pattern($1,var_t,var_run_t)
+ list_dirs_pattern($1, var_t, var_run_t)
rw_files_pattern($1, var_run_t, var_run_t)
')
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index b9b367a..b2c058a 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -103,7 +103,7 @@ interface(`fs_exec_noxattr',`
attribute noxattrfs;
')
- can_exec($1,noxattrfs)
+ can_exec($1, noxattrfs)
')
########################################
@@ -1455,7 +1455,7 @@ interface(`fs_read_fusefs_files',`
type fusefs_t;
')
- read_files_pattern($1,fusefs_t,fusefs_t)
+ read_files_pattern($1, fusefs_t, fusefs_t)
')
########################################
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index af86516..d178478 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -959,7 +959,7 @@ interface(`mls_dbus_send_all_levels',`
attribute mlsdbussend;
')
- typeattribute $1 mlsdbussend;
+ typeattribute $1 mlsdbussend;
')
########################################
@@ -980,5 +980,5 @@ interface(`mls_dbus_recv_all_levels',`
attribute mlsdbusrecv;
')
- typeattribute $1 mlsdbusrecv;
+ typeattribute $1 mlsdbusrecv;
')
diff --git a/policy/modules/roles/guest.if b/policy/modules/roles/guest.if
index ab01ad2..8906a32 100644
--- a/policy/modules/roles/guest.if
+++ b/policy/modules/roles/guest.if
@@ -6,7 +6,7 @@
##
##
##
-## Role allowed access.
+## Role allowed access.
##
##
##
diff --git a/policy/modules/roles/logadm.if b/policy/modules/roles/logadm.if
index 6bd00f9..c9740e5 100644
--- a/policy/modules/roles/logadm.if
+++ b/policy/modules/roles/logadm.if
@@ -6,7 +6,7 @@
##
##
##
-## Role allowed access.
+## Role allowed access.
##
##
##
diff --git a/policy/modules/roles/xguest.if b/policy/modules/roles/xguest.if
index 0f05b1c..d2234e3 100644
--- a/policy/modules/roles/xguest.if
+++ b/policy/modules/roles/xguest.if
@@ -6,7 +6,7 @@
##
##
##
-## Role allowed access.
+## Role allowed access.
##
##
##
diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
index 2114d00..b7403e0 100644
--- a/policy/modules/services/afs.te
+++ b/policy/modules/services/afs.te
@@ -65,7 +65,7 @@ allow afs_bosserver_t self:process { setsched signal_perms };
allow afs_bosserver_t self:tcp_socket create_stream_socket_perms;
allow afs_bosserver_t self:udp_socket create_socket_perms;
-can_exec(afs_bosserver_t,afs_bosserver_exec_t)
+can_exec(afs_bosserver_t, afs_bosserver_exec_t)
manage_dirs_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
manage_files_pattern(afs_bosserver_t, afs_config_t, afs_config_t)
@@ -236,7 +236,7 @@ allow afs_ptserver_t self:unix_stream_socket create_stream_socket_perms;
allow afs_ptserver_t self:tcp_socket create_stream_socket_perms;
allow afs_ptserver_t self:udp_socket create_socket_perms;
-read_files_pattern(afs_ptserver_t,afs_config_t,afs_config_t)
+read_files_pattern(afs_ptserver_t, afs_config_t, afs_config_t)
allow afs_ptserver_t afs_config_t:dir list_dir_perms;
manage_dirs_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
@@ -274,14 +274,14 @@ allow afs_vlserver_t self:unix_stream_socket create_stream_socket_perms;
allow afs_vlserver_t self:tcp_socket create_stream_socket_perms;
allow afs_vlserver_t self:udp_socket create_socket_perms;
-read_files_pattern(afs_vlserver_t,afs_config_t,afs_config_t)
+read_files_pattern(afs_vlserver_t, afs_config_t, afs_config_t)
allow afs_vlserver_t afs_config_t:dir list_dir_perms;
manage_dirs_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
manage_files_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
manage_files_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t)
-filetrans_pattern(afs_vlserver_t, afs_dbdir_t,afs_vl_db_t, file)
+filetrans_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t, file)
corenet_all_recvfrom_unlabeled(afs_vlserver_t)
corenet_all_recvfrom_netlabel(afs_vlserver_t)
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index 04d430a..294f4e0 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -78,7 +78,7 @@ files_search_spool(amavis_t)
# tmp files
manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
allow amavis_t amavis_tmp_t:dir setattr;
-files_tmp_filetrans(amavis_t,amavis_tmp_t,file)
+files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
# var/lib files for amavis
manage_dirs_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 6e42924..4b6be37 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -79,8 +79,8 @@ template(`apache_content_template',`
read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_ra_t, httpd_$1_script_ra_t)
allow httpd_$1_script_t httpd_$1_script_ro_t:dir list_dir_perms;
- read_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
- read_lnk_files_pattern(httpd_$1_script_t,httpd_$1_script_ro_t,httpd_$1_script_ro_t)
+ read_files_pattern(httpd_$1_script_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
+ read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_script_ro_t, httpd_$1_script_ro_t)
manage_dirs_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
manage_files_pattern(httpd_$1_script_t, httpd_$1_script_rw_t, httpd_$1_script_rw_t)
@@ -268,33 +268,33 @@ interface(`apache_role',`
allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
- manage_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
- manage_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
- manage_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
- relabel_dirs_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
- relabel_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
- relabel_lnk_files_pattern($2,httpd_user_script_ra_t,httpd_user_script_ra_t)
-
- manage_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
- manage_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
- manage_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
- relabel_dirs_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
- relabel_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
- relabel_lnk_files_pattern($2,httpd_user_script_ro_t,httpd_user_script_ro_t)
-
- manage_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
- manage_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
- manage_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
- relabel_dirs_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
- relabel_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
- relabel_lnk_files_pattern($2,httpd_user_script_rw_t,httpd_user_script_rw_t)
-
- manage_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
- manage_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
- manage_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
- relabel_dirs_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
- relabel_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
- relabel_lnk_files_pattern($2,httpd_user_script_exec_t,httpd_user_script_exec_t)
+ manage_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+ manage_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+ manage_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+ relabel_dirs_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+ relabel_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+ relabel_lnk_files_pattern($2, httpd_user_script_ra_t, httpd_user_script_ra_t)
+
+ manage_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+ manage_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+ manage_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+ relabel_dirs_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+ relabel_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+ relabel_lnk_files_pattern($2, httpd_user_script_ro_t, httpd_user_script_ro_t)
+
+ manage_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+ manage_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+ manage_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+ relabel_dirs_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+ relabel_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+ relabel_lnk_files_pattern($2, httpd_user_script_rw_t, httpd_user_script_rw_t)
+
+ manage_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
+ manage_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
+ manage_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
+ relabel_dirs_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
+ relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
+ relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
tunable_policy(`httpd_enable_cgi',`
# If a user starts a script by hand it gets the proper context
@@ -735,7 +735,7 @@ interface(`apache_exec_modules',`
allow $1 httpd_modules_t:dir list_dir_perms;
allow $1 httpd_modules_t:lnk_file read_lnk_file_perms;
- can_exec($1,httpd_modules_t)
+ can_exec($1, httpd_modules_t)
')
########################################
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index cf86f52..aa63901 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -430,7 +430,7 @@ tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
')
tunable_policy(`httpd_ssi_exec',`
- corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
+ corecmd_shell_domtrans(httpd_t, httpd_sys_script_t)
allow httpd_sys_script_t httpd_t:fd use;
allow httpd_sys_script_t httpd_t:fifo_file rw_file_perms;
allow httpd_sys_script_t httpd_t:process sigchld;
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
index ee8cf51..b037ba9 100644
--- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te
@@ -37,7 +37,7 @@ allow apcupsd_t self:unix_stream_socket create_stream_socket_perms;
allow apcupsd_t self:tcp_socket create_stream_socket_perms;
allow apcupsd_t apcupsd_lock_t:file manage_file_perms;
-files_lock_filetrans(apcupsd_t,apcupsd_lock_t,file)
+files_lock_filetrans(apcupsd_t, apcupsd_lock_t, file)
allow apcupsd_t apcupsd_log_t:dir setattr;
manage_files_pattern(apcupsd_t, apcupsd_log_t, apcupsd_log_t)
@@ -47,7 +47,7 @@ manage_files_pattern(apcupsd_t, apcupsd_tmp_t, apcupsd_tmp_t)
files_tmp_filetrans(apcupsd_t, apcupsd_tmp_t, file)
manage_files_pattern(apcupsd_t, apcupsd_var_run_t, apcupsd_var_run_t)
-files_pid_filetrans(apcupsd_t,apcupsd_var_run_t, file)
+files_pid_filetrans(apcupsd_t, apcupsd_var_run_t, file)
kernel_read_system_state(apcupsd_t)
@@ -73,7 +73,7 @@ files_read_etc_files(apcupsd_t)
files_search_locks(apcupsd_t)
# Creates /etc/nologin
files_manage_etc_runtime_files(apcupsd_t)
-files_etc_filetrans_etc_runtime(apcupsd_t,file)
+files_etc_filetrans_etc_runtime(apcupsd_t, file)
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240805
term_use_unallocated_ttys(apcupsd_t)
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 5dd72f7..46cee51 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -67,7 +67,7 @@ allow apmd_t self:unix_dgram_socket create_socket_perms;
allow apmd_t self:unix_stream_socket create_stream_socket_perms;
allow apmd_t apmd_log_t:file manage_file_perms;
-logging_log_filetrans(apmd_t,apmd_log_t,file)
+logging_log_filetrans(apmd_t, apmd_log_t, file)
manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
@@ -139,7 +139,7 @@ userdom_dontaudit_search_user_home_content(apmd_t) # Excessive?
ifdef(`distro_redhat',`
allow apmd_t apmd_lock_t:file manage_file_perms;
- files_lock_filetrans(apmd_t,apmd_lock_t,file)
+ files_lock_filetrans(apmd_t, apmd_lock_t, file)
can_exec(apmd_t, apmd_var_run_t)
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index d1c43f9..a03336e 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -40,7 +40,7 @@ files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
allow avahi_t avahi_var_run_t:dir setattr;
-files_pid_filetrans(avahi_t,avahi_var_run_t,file)
+files_pid_filetrans(avahi_t, avahi_var_run_t, file)
kernel_read_kernel_sysctls(avahi_t)
kernel_list_proc(avahi_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 2c43859..f5f80a8 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -151,7 +151,7 @@ userdom_dontaudit_search_user_home_dirs(named_t)
tunable_policy(`named_write_master_zones',`
manage_dirs_pattern(named_t, named_zone_t, named_zone_t)
- manage_files_pattern(named_t, named_zone_t,named_zone_t)
+ manage_files_pattern(named_t, named_zone_t, named_zone_t)
manage_lnk_files_pattern(named_t, named_zone_t, named_zone_t)
')
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index c5d67be..9b131e1 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -77,7 +77,7 @@ filetrans_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_rw_t, { dir file
can_exec(bluetooth_t, bluetooth_helper_exec_t)
allow bluetooth_t bluetooth_lock_t:file manage_file_perms;
-files_lock_filetrans(bluetooth_t,bluetooth_lock_t,file)
+files_lock_filetrans(bluetooth_t, bluetooth_lock_t, file)
manage_dirs_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
manage_files_pattern(bluetooth_t, bluetooth_tmp_t, bluetooth_tmp_t)
diff --git a/policy/modules/services/canna.if b/policy/modules/services/canna.if
index af2e6a0..4a26b0c 100644
--- a/policy/modules/services/canna.if
+++ b/policy/modules/services/canna.if
@@ -16,7 +16,7 @@ interface(`canna_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1, canna_var_run_t, canna_var_run_t,canna_t)
+ stream_connect_pattern($1, canna_var_run_t, canna_var_run_t, canna_t)
')
########################################
diff --git a/policy/modules/services/certmaster.fc b/policy/modules/services/certmaster.fc
index 914a184..f27a584 100644
--- a/policy/modules/services/certmaster.fc
+++ b/policy/modules/services/certmaster.fc
@@ -1,7 +1,7 @@
/etc/certmaster(/.*)? gen_context(system_u:object_r:certmaster_etc_rw_t,s0)
-/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0)
/usr/bin/certmaster -- gen_context(system_u:object_r:certmaster_exec_t,s0)
-/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
/var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index b9dd5e3..27fe7ca 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -20,60 +20,60 @@ interface(`certmaster_domtrans',`
#######################################
##
-## read certmaster logs.
+## read certmaster logs.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`certmaster_read_log',`
- gen_require(`
- type certmaster_var_log_t;
- ')
+ gen_require(`
+ type certmaster_var_log_t;
+ ')
- read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+ read_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')
#######################################
##
-## Append to certmaster logs.
+## Append to certmaster logs.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`certmaster_append_log',`
- gen_require(`
- type certmaster_var_log_t;
- ')
+ gen_require(`
+ type certmaster_var_log_t;
+ ')
- append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+ append_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')
#######################################
##
-## Create, read, write, and delete
-## certmaster logs.
+## Create, read, write, and delete
+## certmaster logs.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`certmaster_manage_log',`
- gen_require(`
- type certmaster_var_log_t;
- ')
+ gen_require(`
+ type certmaster_var_log_t;
+ ')
- manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
- manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+ manage_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
+ manage_lnk_files_pattern($1, certmaster_var_log_t, certmaster_var_log_t)
logging_search_logs($1)
')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 904098a..0ecdf66 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -120,7 +120,7 @@ cron_rw_pipes(clamd_t)
optional_policy(`
amavis_read_lib_files(clamd_t)
amavis_read_spool_files(clamd_t)
- amavis_spool_filetrans(clamd_t,clamd_var_run_t,sock_file)
+ amavis_spool_filetrans(clamd_t, clamd_var_run_t, sock_file)
amavis_create_pid_files(clamd_t)
')
diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if
index 9354611..529c6d8 100644
--- a/policy/modules/services/courier.if
+++ b/policy/modules/services/courier.if
@@ -35,7 +35,7 @@ template(`courier_domain_template',`
can_exec(courier_$1_t, courier_$1_exec_t)
- read_files_pattern(courier_$1_t,courier_etc_t,courier_etc_t)
+ read_files_pattern(courier_$1_t, courier_etc_t, courier_etc_t)
allow courier_$1_t courier_etc_t:dir list_dir_perms;
manage_files_pattern(courier_$1_t, courier_var_run_t, courier_var_run_t)
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index e75526a..8933f6d 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -34,7 +34,7 @@ template(`cron_common_crontab_template',`
allow $1_t self:process signal_perms;
allow $1_t $1_tmp_t:file manage_file_perms;
- files_tmp_filetrans($1_t,$1_tmp_t,file)
+ files_tmp_filetrans($1_t,$1_tmp_t, file)
# create files in /var/spool/cron
# cjp: change this to a role transition
@@ -411,7 +411,7 @@ interface(`cron_anacron_domtrans_system_job',`
type system_cronjob_t, anacron_exec_t;
')
- domtrans_pattern($1,anacron_exec_t,system_cronjob_t)
+ domtrans_pattern($1, anacron_exec_t, system_cronjob_t)
')
########################################
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 9b0d6cc..7daabfb 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -90,7 +90,7 @@ type system_cronjob_tmp_t alias system_crond_tmp_t;
files_tmp_file(system_cronjob_tmp_t)
ifdef(`enable_mcs',`
- init_ranged_daemon_domain(crond_t,crond_exec_t,s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
')
type unconfined_cronjob_t;
@@ -147,7 +147,7 @@ allow crond_t self:msg { send receive };
allow crond_t self:key { search write link };
allow crond_t crond_var_run_t:file manage_file_perms;
-files_pid_filetrans(crond_t,crond_var_run_t,file)
+files_pid_filetrans(crond_t, crond_var_run_t, file)
allow crond_t cron_spool_t:dir rw_dir_perms;
allow crond_t cron_spool_t:file read_file_perms;
@@ -306,7 +306,7 @@ allow system_cronjob_t crond_t:process sigchld;
# Write /var/lock/makewhatis.lock.
allow system_cronjob_t system_cronjob_lock_t:file manage_file_perms;
-files_lock_filetrans(system_cronjob_t,system_cronjob_lock_t,file)
+files_lock_filetrans(system_cronjob_t, system_cronjob_lock_t, file)
# write temporary files
manage_files_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t)
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te
index 96a0f04..ced61ac 100644
--- a/policy/modules/services/cups.te
+++ b/policy/modules/services/cups.te
@@ -66,11 +66,11 @@ type ptal_var_run_t;
files_pid_file(ptal_var_run_t)
ifdef(`enable_mcs',`
- init_ranged_daemon_domain(cupsd_t,cupsd_exec_t,s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, s0 - mcs_systemhigh)
')
ifdef(`enable_mls',`
- init_ranged_daemon_domain(cupsd_t,cupsd_exec_t,mls_systemhigh)
+ init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, mls_systemhigh)
')
########################################
diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te
index 60430a4..f19030a 100644
--- a/policy/modules/services/ddclient.te
+++ b/policy/modules/services/ddclient.te
@@ -42,7 +42,7 @@ allow ddclient_t self:udp_socket create_socket_perms;
allow ddclient_t ddclient_etc_t:file read_file_perms;
allow ddclient_t ddclient_log_t:file manage_file_perms;
-logging_log_filetrans(ddclient_t,ddclient_log_t,file)
+logging_log_filetrans(ddclient_t, ddclient_log_t, file)
manage_dirs_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
manage_files_pattern(ddclient_t, ddclient_var_t, ddclient_var_t)
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index bb77a2f..3c3e624 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -36,7 +36,7 @@ allow dnsmasq_t self:rawip_socket create_socket_perms;
# dhcp leases
manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
-files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
+files_var_lib_filetrans(dnsmasq_t, dnsmasq_lease_t, file)
manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
index d757887..b9525ce 100644
--- a/policy/modules/services/exim.te
+++ b/policy/modules/services/exim.te
@@ -53,14 +53,14 @@ files_pid_file(exim_var_run_t)
# exim local policy
#
-allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
+allow exim_t self:capability { chown dac_override dac_read_search fowner setuid setgid sys_resource };
allow exim_t self:process { setrlimit setpgid };
allow exim_t self:fifo_file rw_fifo_file_perms;
allow exim_t self:unix_stream_socket create_stream_socket_perms;
allow exim_t self:tcp_socket create_stream_socket_perms;
allow exim_t self:udp_socket create_socket_perms;
-can_exec(exim_t,exim_exec_t)
+can_exec(exim_t, exim_exec_t)
manage_files_pattern(exim_t, exim_log_t, exim_log_t)
logging_log_filetrans(exim_t, exim_log_t, { file dir })
@@ -132,8 +132,8 @@ mta_mailserver_delivery(exim_t)
tunable_policy(`exim_can_connect_db',`
corenet_tcp_connect_mysqld_port(exim_t)
corenet_sendrecv_mysqld_client_packets(exim_t)
- corenet_tcp_connect_postgresql_port(exim_t)
- corenet_sendrecv_postgresql_client_packets(exim_t)
+ corenet_tcp_connect_postgresql_port(exim_t)
+ corenet_sendrecv_postgresql_client_packets(exim_t)
')
tunable_policy(`exim_read_user_files',`
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index a8b00fd..e86e9c6 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -246,7 +246,7 @@ optional_policy(`
files_read_usr_files(ftpd_t)
- cron_system_entry(ftpd_t, ftpd_exec_t)
+ cron_system_entry(ftpd_t, ftpd_exec_t)
optional_policy(`
logrotate_exec(ftpd_t)
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index 70ec2ab..24884e8 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -39,7 +39,7 @@ manage_files_pattern(gpm_t, gpm_tmp_t, gpm_tmp_t)
files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file manage_file_perms;
-files_pid_filetrans(gpm_t,gpm_var_run_t,file)
+files_pid_filetrans(gpm_t, gpm_var_run_t, file)
allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
diff --git a/policy/modules/services/gpsd.fc b/policy/modules/services/gpsd.fc
index 200f834..e7bbeb1 100644
--- a/policy/modules/services/gpsd.fc
+++ b/policy/modules/services/gpsd.fc
@@ -1 +1 @@
-/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
diff --git a/policy/modules/services/gpsd.if b/policy/modules/services/gpsd.if
index 96018c7..7597332 100644
--- a/policy/modules/services/gpsd.if
+++ b/policy/modules/services/gpsd.if
@@ -2,71 +2,71 @@
########################################
##
-## Execute a domain transition to run gpsd.
+## Execute a domain transition to run gpsd.
##
##
##
-## Domain allowed to transition.
+## Domain allowed to transition.
##
##
#
interface(`gpsd_domtrans',`
- gen_require(`
- type gpsd_t, gpsd_exec_t;
- ')
+ gen_require(`
+ type gpsd_t, gpsd_exec_t;
+ ')
- domtrans_pattern($1, gpsd_exec_t, gpsd_t)
+ domtrans_pattern($1, gpsd_exec_t, gpsd_t)
')
########################################
##
-## Execute gpsd in the gpsd domain, and
-## allow the specified role the gpsd domain.
+## Execute gpsd in the gpsd domain, and
+## allow the specified role the gpsd domain.
##
##
-##
-## Domain allowed access
-##
+##
+## Domain allowed access
+##
##
##
-##
-## The role to be allowed the gpsd domain.
-##
+##
+## The role to be allowed the gpsd domain.
+##
##
##
-##
-## The type of the role's terminal.
-##
+##
+## The type of the role's terminal.
+##
##
#
interface(`gpsd_run',`
- gen_require(`
- type gpsd_t;
- ')
+ gen_require(`
+ type gpsd_t;
+ ')
- gpsd_domtrans($1)
- role $2 types gpsd_t;
- allow gpsd_t $3:chr_file rw_term_perms;
+ gpsd_domtrans($1)
+ role $2 types gpsd_t;
+ allow gpsd_t $3:chr_file rw_term_perms;
')
########################################
##
-## Read and write gpsd shared memory.
+## Read and write gpsd shared memory.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`gpsd_rw_shm',`
- gen_require(`
- type gpsd_t, gpsd_tmpfs_t;
- ')
+ gen_require(`
+ type gpsd_t, gpsd_tmpfs_t;
+ ')
- allow $1 gpsd_t:shm rw_shm_perms;
- allow $1 gpsd_tmpfs_t:dir list_dir_perms;
- rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
- read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
- fs_search_tmpfs($1)
+ allow $1 gpsd_t:shm rw_shm_perms;
+ allow $1 gpsd_tmpfs_t:dir list_dir_perms;
+ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ fs_search_tmpfs($1)
')
diff --git a/policy/modules/services/gpsd.te b/policy/modules/services/gpsd.te
index 2095e49..9cdc1f1 100644
--- a/policy/modules/services/gpsd.te
+++ b/policy/modules/services/gpsd.te
@@ -47,7 +47,7 @@ logging_send_syslog_msg(gpsd_t)
miscfiles_read_localization(gpsd_t)
optional_policy(`
- dbus_system_bus_client(gpsd_t)
+ dbus_system_bus_client(gpsd_t)
')
optional_policy(`
diff --git a/policy/modules/services/ifplugd.fc b/policy/modules/services/ifplugd.fc
index 8172803..2eda96f 100644
--- a/policy/modules/services/ifplugd.fc
+++ b/policy/modules/services/ifplugd.fc
@@ -1,6 +1,6 @@
-/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
+/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
-/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
/usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0)
diff --git a/policy/modules/services/ifplugd.te b/policy/modules/services/ifplugd.te
index b663169..2941443 100644
--- a/policy/modules/services/ifplugd.te
+++ b/policy/modules/services/ifplugd.te
@@ -73,5 +73,5 @@ sysnet_read_dhcpc_pid(ifplugd_t)
sysnet_signal_dhcpc(ifplugd_t)
optional_policy(`
- consoletype_exec(ifplugd_t)
+ consoletype_exec(ifplugd_t)
')
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
index 60a34f1..b0d82ba 100644
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -31,7 +31,7 @@ type inetd_child_var_run_t;
files_pid_file(inetd_child_var_run_t)
ifdef(`enable_mcs',`
- init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(inetd_t, inetd_exec_t, s0 - mcs_systemhigh)
')
########################################
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index 1433ed7..82b9929 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -281,7 +281,7 @@ interface(`kerberos_connect_524',`
tunable_policy(`allow_kerberos',`
allow $1 self:udp_socket create_socket_perms;
- corenet_all_recvfrom_unlabeled($1)
+ corenet_all_recvfrom_unlabeled($1)
corenet_udp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_node($1)
corenet_udp_sendrecv_kerberos_master_port($1)
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index a66fb18..da70318 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -84,7 +84,7 @@ allow kadmind_t self:tcp_socket connected_stream_socket_perms;
allow kadmind_t self:udp_socket create_socket_perms;
allow kadmind_t kadmind_log_t:file manage_file_perms;
-logging_log_filetrans(kadmind_t,kadmind_log_t,file)
+logging_log_filetrans(kadmind_t, kadmind_log_t, file)
allow kadmind_t krb5_conf_t:file read_file_perms;
dontaudit kadmind_t krb5_conf_t:file write;
diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te
index 4830af9..91c6746 100644
--- a/policy/modules/services/ldap.te
+++ b/policy/modules/services/ldap.te
@@ -61,7 +61,7 @@ manage_lnk_files_pattern(slapd_t, slapd_db_t, slapd_db_t)
allow slapd_t slapd_etc_t:file read_file_perms;
allow slapd_t slapd_lock_t:file manage_file_perms;
-files_lock_filetrans(slapd_t,slapd_lock_t,file)
+files_lock_filetrans(slapd_t, slapd_lock_t, file)
# Allow access to write the replication log (should tighten this)
manage_dirs_pattern(slapd_t, slapd_replog_t, slapd_replog_t)
diff --git a/policy/modules/services/lircd.if b/policy/modules/services/lircd.if
index a24b7cd..2cd228a 100644
--- a/policy/modules/services/lircd.if
+++ b/policy/modules/services/lircd.if
@@ -21,39 +21,39 @@ interface(`lircd_domtrans',`
######################################
##
-## Connect to lircd over a unix domain
-## stream socket.
+## Connect to lircd over a unix domain
+## stream socket.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`lircd_stream_connect',`
- gen_require(`
- type lircd_sock_t, lircd_t;
- ')
+ gen_require(`
+ type lircd_sock_t, lircd_t;
+ ')
- allow $1 lircd_t:unix_stream_socket connectto;
- allow $1 lircd_sock_t:sock_file write_sock_file_perms;
- files_search_pids($1)
+ allow $1 lircd_t:unix_stream_socket connectto;
+ allow $1 lircd_sock_t:sock_file write_sock_file_perms;
+ files_search_pids($1)
')
#######################################
##
-## Read lircd etc file
+## Read lircd etc file
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
interface(`lircd_read_config',`
gen_require(`
type lircd_etc_t;
- ')
+ ')
read_files_pattern($1, lircd_etc_t, lircd_etc_t)
')
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index 9c6b9ce..39915eb 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -148,7 +148,7 @@ files_tmp_filetrans(lpd_t, lpd_tmp_t, { file dir })
manage_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
manage_sock_files_pattern(lpd_t, lpd_var_run_t, lpd_var_run_t)
-files_pid_filetrans(lpd_t, lpd_var_run_t,file)
+files_pid_filetrans(lpd_t, lpd_var_run_t, file)
# Write to /var/spool/lpd.
manage_files_pattern(lpd_t, print_spool_t, print_spool_t)
@@ -304,14 +304,14 @@ tunable_policy(`use_lpd_server',`
manage_files_pattern(lpr_t, lpr_tmp_t, lpr_tmp_t)
files_tmp_filetrans(lpr_t, lpr_tmp_t, { file dir })
- manage_files_pattern(lpr_t,print_spool_t,print_spool_t)
- filetrans_pattern(lpr_t,print_spool_t,print_spool_t,file)
+ manage_files_pattern(lpr_t, print_spool_t, print_spool_t)
+ filetrans_pattern(lpr_t, print_spool_t, print_spool_t, file)
# Read and write shared files in the spool directory.
allow lpr_t print_spool_t:file rw_file_perms;
allow lpr_t printconf_t:dir list_dir_perms;
- read_files_pattern(lpr_t,printconf_t,printconf_t)
- read_lnk_files_pattern(lpr_t,printconf_t,printconf_t)
+ read_files_pattern(lpr_t, printconf_t, printconf_t)
+ read_lnk_files_pattern(lpr_t, printconf_t, printconf_t)
')
tunable_policy(`use_nfs_home_dirs',`
diff --git a/policy/modules/services/memcached.if b/policy/modules/services/memcached.if
index 5b28237..db4fd6f 100644
--- a/policy/modules/services/memcached.if
+++ b/policy/modules/services/memcached.if
@@ -16,7 +16,7 @@ interface(`memcached_domtrans',`
type memcached_exec_t;
')
- domtrans_pattern($1,memcached_exec_t,memcached_t)
+ domtrans_pattern($1, memcached_exec_t, memcached_t)
')
########################################
diff --git a/policy/modules/services/memcached.te b/policy/modules/services/memcached.te
index 0311b91..2222b76 100644
--- a/policy/modules/services/memcached.te
+++ b/policy/modules/services/memcached.te
@@ -40,7 +40,7 @@ corenet_udp_bind_memcache_port(memcached_t)
manage_dirs_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
manage_files_pattern(memcached_t, memcached_var_run_t, memcached_var_run_t)
-files_pid_filetrans(memcached_t,memcached_var_run_t, { file dir })
+files_pid_filetrans(memcached_t, memcached_var_run_t, { file dir })
files_read_etc_files(memcached_t)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index a437f02..6641292 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -257,7 +257,7 @@ interface(`mta_sendmail_mailserver',`
type sendmail_exec_t;
')
- init_system_domain($1,sendmail_exec_t)
+ init_system_domain($1, sendmail_exec_t)
typeattribute $1 mailserver_domain;
')
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index f0aab75..80afc14 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -101,7 +101,7 @@ optional_policy(`
')
optional_policy(`
- cron_system_entry(munin_t,munin_exec_t)
+ cron_system_entry(munin_t, munin_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/mysql.fc b/policy/modules/services/mysql.fc
index 4b567df..03db93a 100644
--- a/policy/modules/services/mysql.fc
+++ b/policy/modules/services/mysql.fc
@@ -10,7 +10,7 @@
#
# /usr
#
-/usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
+/usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
diff --git a/policy/modules/services/mysql.if b/policy/modules/services/mysql.if
index 51556e9..3f6833d 100644
--- a/policy/modules/services/mysql.if
+++ b/policy/modules/services/mysql.if
@@ -142,18 +142,18 @@ interface(`mysql_manage_db_dirs',`
#######################################
##
-## Append to the MySQL database directory.
+## Append to the MySQL database directory.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mysql_append_db_files',`
- gen_require(`
- type mysqld_db_t;
- ')
+ gen_require(`
+ type mysqld_db_t;
+ ')
files_search_var_lib($1)
append_files_pattern($1, mysqld_db_t, mysqld_db_t)
@@ -161,40 +161,40 @@ interface(`mysql_append_db_files',`
#######################################
##
-## Read and write to the MySQL database directory.
+## Read and write to the MySQL database directory.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mysql_rw_db_files',`
- gen_require(`
- type mysqld_db_t;
- ')
+ gen_require(`
+ type mysqld_db_t;
+ ')
- files_search_var_lib($1)
+ files_search_var_lib($1)
rw_files_pattern($1, mysqld_db_t, mysqld_db_t)
')
#######################################
##
-## Create, read, write, and delete MySQL database files.
+## Create, read, write, and delete MySQL database files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mysql_manage_db_files',`
- gen_require(`
- type mysqld_db_t;
- ')
+ gen_require(`
+ type mysqld_db_t;
+ ')
- files_search_var_lib($1)
- manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
+ files_search_var_lib($1)
+ manage_files_pattern($1, mysqld_db_t, mysqld_db_t)
')
########################################
@@ -239,21 +239,21 @@ interface(`mysql_write_log',`
#####################################
##
-## Search MySQL PID files.
+## Search MySQL PID files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
interface(`mysql_search_pid_files',`
- gen_require(`
- type mysqld_var_run_t;
- ')
+ gen_require(`
+ type mysqld_var_run_t;
+ ')
- search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
+ search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
')
########################################
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index faf5bb2..0dee8b9 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -152,7 +152,7 @@ hostname_exec(mysqld_safe_t)
miscfiles_read_localization(mysqld_safe_t)
-mysql_append_db_files(mysqld_safe_t)
+mysql_append_db_files(mysqld_safe_t)
mysql_read_config(mysqld_safe_t)
mysql_search_pid_files(mysqld_safe_t)
mysql_write_log(mysqld_safe_t)
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index d8c5912..704c68a 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -57,7 +57,7 @@ files_search_tmp(NetworkManager_t)
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
+files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
index fbc6609..706b7a1 100644
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@@ -225,7 +225,7 @@ allow ypserv_t self:netlink_route_socket r_netlink_socket_perms;
allow ypserv_t self:tcp_socket connected_stream_socket_perms;
allow ypserv_t self:udp_socket create_socket_perms;
-manage_files_pattern(ypserv_t,var_yp_t,var_yp_t)
+manage_files_pattern(ypserv_t, var_yp_t, var_yp_t)
allow ypserv_t ypserv_conf_t:file read_file_perms;
diff --git a/policy/modules/services/nsd.fc b/policy/modules/services/nsd.fc
index 3d261d1..53cc800 100644
--- a/policy/modules/services/nsd.fc
+++ b/policy/modules/services/nsd.fc
@@ -1,10 +1,10 @@
-/etc/nsd(/.*)? gen_context(system_u:object_r:nsd_conf_t,s0)
+/etc/nsd(/.*)? gen_context(system_u:object_r:nsd_conf_t,s0)
/etc/nsd/nsd\.db -- gen_context(system_u:object_r:nsd_db_t,s0)
/etc/nsd/primary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
/etc/nsd/secondary(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
-/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
+/usr/sbin/nsd -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsdc -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/nsd-notify -- gen_context(system_u:object_r:nsd_exec_t,s0)
/usr/sbin/zonec -- gen_context(system_u:object_r:nsd_exec_t,s0)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index 3a546a8..bb0089e 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -56,24 +56,24 @@ interface(`ntp_domtrans_ntpdate',`
########################################
##
-## Read and write ntpd shared memory.
+## Read and write ntpd shared memory.
##
##
-##
-## The type of the process performing this action.
-##
+##
+## The type of the process performing this action.
+##
##
#
interface(`ntpd_rw_shm',`
- gen_require(`
- type ntpd_t, ntpd_tmpfs_t;
- ')
+ gen_require(`
+ type ntpd_t, ntpd_tmpfs_t;
+ ')
- allow $1 ntpd_t:shm rw_shm_perms;
- list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
- rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
- read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
- fs_search_tmpfs($1)
+ allow $1 ntpd_t:shm rw_shm_perms;
+ list_dirs_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+ rw_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+ read_lnk_files_pattern($1, ntpd_tmpfs_t, ntpd_tmpfs_t)
+ fs_search_tmpfs($1)
')
########################################
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index 5606670..f293779 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -52,13 +52,13 @@ allow ntpd_t self:udp_socket create_socket_perms;
manage_files_pattern(ntpd_t, ntp_drift_t, ntp_drift_t)
-can_exec(ntpd_t,ntpd_exec_t)
+can_exec(ntpd_t, ntpd_exec_t)
read_files_pattern(ntpd_t, ntpd_key_t, ntpd_key_t)
allow ntpd_t ntpd_log_t:dir setattr;
-manage_files_pattern(ntpd_t,ntpd_log_t,ntpd_log_t)
-logging_log_filetrans(ntpd_t,ntpd_log_t,{ file dir })
+manage_files_pattern(ntpd_t, ntpd_log_t, ntpd_log_t)
+logging_log_filetrans(ntpd_t, ntpd_log_t, { file dir })
# for some reason it creates a file in /tmp
manage_dirs_pattern(ntpd_t, ntpd_tmp_t, ntpd_tmp_t)
diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te
index 15f175d..449ed41 100644
--- a/policy/modules/services/nx.te
+++ b/policy/modules/services/nx.te
@@ -35,7 +35,7 @@ allow nx_server_t self:tcp_socket create_socket_perms;
allow nx_server_t self:udp_socket create_socket_perms;
allow nx_server_t nx_server_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(nx_server_t,nx_server_devpts_t)
+term_create_pty(nx_server_t, nx_server_devpts_t)
manage_dirs_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
manage_files_pattern(nx_server_t, nx_server_tmp_t, nx_server_tmp_t)
diff --git a/policy/modules/services/openca.if b/policy/modules/services/openca.if
index 52c5acb..43bb38b 100644
--- a/policy/modules/services/openca.if
+++ b/policy/modules/services/openca.if
@@ -16,7 +16,7 @@ interface(`openca_domtrans',`
type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
')
- domtrans_pattern($1,openca_ca_exec_t,openca_ca_t)
+ domtrans_pattern($1, openca_ca_exec_t, openca_ca_t)
allow $1 openca_usr_share_t:dir search_dir_perms;
files_search_usr($1)
')
diff --git a/policy/modules/services/pegasus.fc b/policy/modules/services/pegasus.fc
index cd4c544..9515043 100644
--- a/policy/modules/services/pegasus.fc
+++ b/policy/modules/services/pegasus.fc
@@ -5,8 +5,8 @@
/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
+/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
+/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
+/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
diff --git a/policy/modules/services/pingd.if b/policy/modules/services/pingd.if
index c79589d..8688aae 100644
--- a/policy/modules/services/pingd.if
+++ b/policy/modules/services/pingd.if
@@ -20,78 +20,78 @@ interface(`pingd_domtrans',`
#######################################
##
-## Read pingd etc configuration files.
+## Read pingd etc configuration files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`pingd_read_config',`
- gen_require(`
- type pingd_etc_t;
- ')
+ gen_require(`
+ type pingd_etc_t;
+ ')
- files_search_etc($1)
- read_files_pattern($1, pingd_etc_t, pingd_etc_t)
+ files_search_etc($1)
+ read_files_pattern($1, pingd_etc_t, pingd_etc_t)
')
#######################################
##
-## Manage pingd etc configuration files.
+## Manage pingd etc configuration files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`pingd_manage_config',`
- gen_require(`
- type pingd_etc_t;
- ')
+ gen_require(`
+ type pingd_etc_t;
+ ')
- files_search_etc($1)
- manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
- manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
+ files_search_etc($1)
+ manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
+ manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
')
#######################################
##
-## All of the rules required to administrate
-## an pingd environment
+## All of the rules required to administrate
+## an pingd environment
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
-##
-## The role to be allowed to manage the pingd domain.
-##
+##
+## The role to be allowed to manage the pingd domain.
+##
##
##
#
interface(`pingd_admin',`
- gen_require(`
- type pingd_t, pingd_etc_t;
- type pingd_initrc_exec_t, pingd_modules_t;
- ')
+ gen_require(`
+ type pingd_t, pingd_etc_t;
+ type pingd_initrc_exec_t, pingd_modules_t;
+ ')
- allow $1 pingd_t:process { ptrace signal_perms };
- ps_process_pattern($1, pingd_t)
+ allow $1 pingd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, pingd_t)
- init_labeled_script_domtrans($1, pingd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pingd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_labeled_script_domtrans($1, pingd_initrc_exec_t)
+ domain_system_change_exemption($1)
+ role_transition $2 pingd_initrc_exec_t system_r;
+ allow $2 system_r;
- files_list_etc($1)
- admin_pattern($1, pingd_etc_t)
+ files_list_etc($1)
+ admin_pattern($1, pingd_etc_t)
files_list_usr($1)
- admin_pattern($1, pingd_modules_t)
+ admin_pattern($1, pingd_modules_t)
')
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index 30a826c..988c9a7 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -365,7 +365,7 @@ interface(`postfix_exec_master',`
type postfix_master_exec_t;
')
- can_exec($1,postfix_master_exec_t)
+ can_exec($1, postfix_master_exec_t)
')
########################################
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 9527d12..12aed73 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -106,7 +106,7 @@ allow postfix_master_t self:udp_socket create_socket_perms;
allow postfix_master_t postfix_etc_t:file rw_file_perms;
-can_exec(postfix_master_t,postfix_exec_t)
+can_exec(postfix_master_t, postfix_exec_t)
allow postfix_master_t postfix_data_t:dir manage_dir_perms;
allow postfix_master_t postfix_data_t:file manage_file_perms;
@@ -363,7 +363,7 @@ optional_policy(`
allow postfix_pickup_t self:tcp_socket create_socket_perms;
-stream_connect_pattern(postfix_pickup_t,postfix_private_t,postfix_private_t,postfix_master_t)
+stream_connect_pattern(postfix_pickup_t, postfix_private_t, postfix_private_t, postfix_master_t)
rw_fifo_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
rw_sock_files_pattern(postfix_pickup_t, postfix_public_t, postfix_public_t)
@@ -445,7 +445,7 @@ allow postfix_postqueue_t self:tcp_socket create;
allow postfix_postqueue_t self:udp_socket { create ioctl };
# wants to write to /var/spool/postfix/public/showq
-stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t,postfix_master_t)
+stream_connect_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t, postfix_master_t)
# write to /var/spool/postfix/public/qmgr
write_fifo_files_pattern(postfix_postqueue_t, postfix_public_t, postfix_public_t)
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index beb53fb..f74c731 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -53,7 +53,7 @@ interface(`postgresql_role',`
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
- allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
+ allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index bcd14cf..2603506 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -178,7 +178,7 @@ allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file manage_file_perms;
-files_lock_filetrans(postgresql_t,postgresql_lock_t,file)
+files_lock_filetrans(postgresql_t, postgresql_lock_t, file)
manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
@@ -268,7 +268,7 @@ optional_policy(`
optional_policy(`
cron_search_spool(postgresql_t)
- cron_system_entry(postgresql_t,postgresql_exec_t)
+ cron_system_entry(postgresql_t, postgresql_exec_t)
')
optional_policy(`
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index 188bad5..81d4120 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -30,7 +30,7 @@ allow procmail_t self:unix_dgram_socket create_socket_perms;
allow procmail_t self:tcp_socket create_stream_socket_perms;
allow procmail_t self:udp_socket create_socket_perms;
-can_exec(procmail_t,procmail_exec_t)
+can_exec(procmail_t, procmail_exec_t)
# Write log to /var/log/procmail.log or /var/log/procmail/.*
allow procmail_t procmail_log_t:dir setattr;
diff --git a/policy/modules/services/psad.if b/policy/modules/services/psad.if
index 97ab7e3..bc329d1 100644
--- a/policy/modules/services/psad.if
+++ b/policy/modules/services/psad.if
@@ -84,13 +84,13 @@ interface(`psad_read_config',`
##
#
interface(`psad_manage_config',`
- gen_require(`
- type psad_etc_t;
- ')
+ gen_require(`
+ type psad_etc_t;
+ ')
files_search_etc($1)
manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
- manage_files_pattern($1, psad_etc_t, psad_etc_t)
+ manage_files_pattern($1, psad_etc_t, psad_etc_t)
')
diff --git a/policy/modules/services/psad.te b/policy/modules/services/psad.te
index a59cef5..992419e 100644
--- a/policy/modules/services/psad.te
+++ b/policy/modules/services/psad.te
@@ -102,6 +102,6 @@ miscfiles_read_localization(psad_t)
sysnet_exec_ifconfig(psad_t)
optional_policy(`
- mta_send_mail(psad_t)
+ mta_send_mail(psad_t)
mta_read_queue(psad_t)
')
diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te
index 1293325..3951bec 100644
--- a/policy/modules/services/pyzor.te
+++ b/policy/modules/services/pyzor.te
@@ -36,7 +36,7 @@ ubac_constrained(pyzor_var_lib_t)
type pyzord_t;
type pyzord_exec_t;
-init_daemon_domain(pyzord_t,pyzord_exec_t)
+init_daemon_domain(pyzord_t, pyzord_exec_t)
type pyzord_log_t;
logging_log_file(pyzord_log_t)
@@ -54,14 +54,14 @@ manage_lnk_files_pattern(pyzor_t, pyzor_home_t, pyzor_home_t)
userdom_user_home_dir_filetrans(pyzor_t, pyzor_home_t, { dir file lnk_file })
allow pyzor_t pyzor_var_lib_t:dir list_dir_perms;
-read_files_pattern(pyzor_t,pyzor_var_lib_t,pyzor_var_lib_t)
+read_files_pattern(pyzor_t, pyzor_var_lib_t, pyzor_var_lib_t)
files_search_var_lib(pyzor_t)
manage_files_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
manage_dirs_pattern(pyzor_t, pyzor_tmp_t, pyzor_tmp_t)
files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
-kernel_read_kernel_sysctls(pyzor_t)
+kernel_read_kernel_sysctls(pyzor_t)
kernel_read_system_state(pyzor_t)
corecmd_list_bin(pyzor_t)
diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if
index 5112322..27fd19e 100644
--- a/policy/modules/services/qmail.if
+++ b/policy/modules/services/qmail.if
@@ -147,5 +147,5 @@ interface(`qmail_smtpd_service_domain',`
type qmail_smtpd_t;
')
- domtrans_pattern(qmail_smtpd_t, $2, $1)
+ domtrans_pattern(qmail_smtpd_t, $2, $1)
')
diff --git a/policy/modules/services/radius.fc b/policy/modules/services/radius.fc
index cdf6b55..09f7b50 100644
--- a/policy/modules/services/radius.fc
+++ b/policy/modules/services/radius.fc
@@ -3,7 +3,7 @@
/etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0)
/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0)
-/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
+/etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0)
/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0)
/usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0)
diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te
index ec3dfcf..4a200a3 100644
--- a/policy/modules/services/rhgb.te
+++ b/policy/modules/services/rhgb.te
@@ -32,7 +32,7 @@ allow rhgb_t self:udp_socket create_socket_perms;
allow rhgb_t self:netlink_route_socket r_netlink_socket_perms;
allow rhgb_t rhgb_devpts_t:chr_file { rw_chr_file_perms setattr };
-term_create_pty(rhgb_t,rhgb_devpts_t)
+term_create_pty(rhgb_t, rhgb_devpts_t)
manage_dirs_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
manage_files_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if
index 9f3641b..c291ce3 100644
--- a/policy/modules/services/ricci.if
+++ b/policy/modules/services/ricci.if
@@ -71,7 +71,7 @@ interface(`ricci_dontaudit_rw_modcluster_pipes',`
type ricci_modcluster_t;
')
- dontaudit $1 ricci_modcluster_t:fifo_file { read write };
+ dontaudit $1 ricci_modcluster_t:fifo_file { read write };
')
########################################
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
index 20b2e7b..2f879f0 100644
--- a/policy/modules/services/rpc.if
+++ b/policy/modules/services/rpc.if
@@ -206,11 +206,11 @@ interface(`rpc_domtrans_nfsd',`
########################################
##
-## Execute domain in nfsd domain.
+## Execute domain in nfsd domain.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -362,7 +362,7 @@ interface(`rpc_read_nfs_state_data',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/services/rsync.fc b/policy/modules/services/rsync.fc
index 89e09a5..299f7a4 100644
--- a/policy/modules/services/rsync.fc
+++ b/policy/modules/services/rsync.fc
@@ -1,6 +1,6 @@
/usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0)
-/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
+/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
-/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
+/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if
index 9991f17..71ea0ea 100644
--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@@ -111,7 +111,7 @@ interface(`rwho_manage_spool_files',`
type rwho_spool_t;
')
- manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
+ manage_files_pattern($1, rwho_spool_t, rwho_spool_t)
files_search_spool($1)
')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 22dff5b..fd85b23 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -537,7 +537,7 @@ corecmd_list_bin(smbmount_t)
files_list_mnt(smbmount_t)
files_mounton_mnt(smbmount_t)
files_manage_etc_runtime_files(smbmount_t)
-files_etc_filetrans_etc_runtime(smbmount_t,file)
+files_etc_filetrans_etc_runtime(smbmount_t, file)
files_read_etc_files(smbmount_t)
auth_use_nsswitch(smbmount_t)
@@ -672,7 +672,7 @@ files_list_var_lib(winbind_t)
rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
allow winbind_t winbind_log_t:file manage_file_perms;
-logging_log_filetrans(winbind_t,winbind_log_t,file)
+logging_log_filetrans(winbind_t, winbind_log_t, file)
manage_dirs_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
manage_files_pattern(winbind_t, winbind_tmp_t, winbind_tmp_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 6614dc8..ac3dfeb 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -48,7 +48,7 @@ logging_log_filetrans(setroubleshootd_t, setroubleshoot_var_log_t, { file dir })
# pid file
manage_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
manage_sock_files_pattern(setroubleshootd_t, setroubleshoot_var_run_t, setroubleshoot_var_run_t)
-files_pid_filetrans(setroubleshootd_t,setroubleshoot_var_run_t, { file sock_file })
+files_pid_filetrans(setroubleshootd_t, setroubleshoot_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(setroubleshootd_t)
kernel_read_system_state(setroubleshootd_t)
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 58e79fd..93eebbb 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -35,7 +35,7 @@ allow snmpd_t self:tcp_socket create_stream_socket_perms;
allow snmpd_t self:udp_socket connected_stream_socket_perms;
allow snmpd_t snmpd_log_t:file manage_file_perms;
-logging_log_filetrans(snmpd_t,snmpd_log_t,file)
+logging_log_filetrans(snmpd_t, snmpd_log_t, file)
manage_dirs_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
manage_files_pattern(snmpd_t, snmpd_var_lib_t, snmpd_var_lib_t)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index d727a75..5e62ab4 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -42,7 +42,7 @@ files_tmp_file(sshd_tmp_t)
files_poly_parent(sshd_tmp_t)
ifdef(`enable_mcs',`
- init_ranged_daemon_domain(sshd_t,sshd_exec_t,s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh)
')
type ssh_t;
@@ -112,8 +112,8 @@ manage_fifo_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
manage_sock_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
fs_tmpfs_filetrans(ssh_t, ssh_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-manage_dirs_pattern(ssh_t,home_ssh_t,home_ssh_t)
-manage_sock_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
+manage_dirs_pattern(ssh_t, home_ssh_t, home_ssh_t)
+manage_sock_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
userdom_user_home_dir_filetrans(ssh_t, home_ssh_t, { dir sock_file })
# Allow the ssh program to communicate with ssh-agent.
@@ -122,13 +122,13 @@ stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
allow ssh_t sshd_t:unix_stream_socket connectto;
# ssh client can manage the keys and config
-manage_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
-read_lnk_files_pattern(ssh_t,home_ssh_t,home_ssh_t)
+manage_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
+read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
# ssh servers can read the user keys and config
allow ssh_server home_ssh_t:dir list_dir_perms;
-read_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
-read_lnk_files_pattern(ssh_server,home_ssh_t,home_ssh_t)
+read_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
+read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
kernel_read_kernel_sysctls(ssh_t)
diff --git a/policy/modules/services/stunnel.fc b/policy/modules/services/stunnel.fc
index c3aec89..50e29aa 100644
--- a/policy/modules/services/stunnel.fc
+++ b/policy/modules/services/stunnel.fc
@@ -1,4 +1,4 @@
-/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
+/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
/usr/bin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)
diff --git a/policy/modules/services/sysstat.if b/policy/modules/services/sysstat.if
index a5fad30..7a23b3b 100644
--- a/policy/modules/services/sysstat.if
+++ b/policy/modules/services/sysstat.if
@@ -16,6 +16,6 @@ interface(`sysstat_manage_log',`
type sysstat_log_t;
')
- logging_search_logs($1)
+ logging_search_logs($1)
manage_files_pattern($1, sysstat_log_t, sysstat_log_t)
')
diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te
index 920dc65..13a9d9b 100644
--- a/policy/modules/services/ucspitcp.te
+++ b/policy/modules/services/ucspitcp.te
@@ -89,6 +89,6 @@ files_read_etc_files(ucspitcp_t)
sysnet_read_config(ucspitcp_t)
optional_policy(`
- daemontools_service_domain(ucspitcp_t,ucspitcp_exec_t)
+ daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
daemontools_read_svc(ucspitcp_t)
')
diff --git a/policy/modules/services/ulogd.if b/policy/modules/services/ulogd.if
index 4a2118e..d04b833 100644
--- a/policy/modules/services/ulogd.if
+++ b/policy/modules/services/ulogd.if
@@ -62,21 +62,21 @@ interface(`ulogd_read_log',`
#######################################
##
-## Allow the specified domain to search ulogd's log files.
+## Allow the specified domain to search ulogd's log files.
##
##
##
-## Domain allowed to transition.
+## Domain allowed to transition.
##
##
#
interface(`ulogd_search_log',`
- gen_require(`
- type ulogd_var_log_t;
- ')
+ gen_require(`
+ type ulogd_var_log_t;
+ ')
- logging_search_logs($1)
- allow $1 ulogd_var_log_t:dir search_dir_perms;
+ logging_search_logs($1)
+ allow $1 ulogd_var_log_t:dir search_dir_perms;
')
########################################
diff --git a/policy/modules/services/uptime.fc b/policy/modules/services/uptime.fc
index 1f22545..e30d6fc 100644
--- a/policy/modules/services/uptime.fc
+++ b/policy/modules/services/uptime.fc
@@ -3,4 +3,4 @@
/usr/sbin/uptimed -- gen_context(system_u:object_r:uptimed_exec_t,s0)
-/var/spool/uptimed(/.*)? gen_context(system_u:object_r:uptimed_spool_t,s0)
+/var/spool/uptimed(/.*)? gen_context(system_u:object_r:uptimed_spool_t,s0)
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index dfd0b0b..8dc8acf 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -135,7 +135,7 @@ interface(`virt_manage_pid_files',`
type virt_var_run_t;
')
- manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
+ manage_files_pattern($1, virt_var_run_t, virt_var_run_t)
')
########################################
diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te
index 4ba63a4..8b0b463 100644
--- a/policy/modules/services/watchdog.te
+++ b/policy/modules/services/watchdog.te
@@ -71,7 +71,7 @@ domain_kill_all_domains(watchdog_t)
files_read_etc_files(watchdog_t)
# for updating mtab on umount
files_manage_etc_runtime_files(watchdog_t)
-files_etc_filetrans_etc_runtime(watchdog_t,file)
+files_etc_filetrans_etc_runtime(watchdog_t, file)
fs_unmount_xattr_fs(watchdog_t)
fs_getattr_all_fs(watchdog_t)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 783a19b..208ea7a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -85,7 +85,7 @@ interface(`xserver_role',`
allow $2 xauth_t:process signal;
# allow ps to show xauth
- ps_process_pattern($2,xauth_t)
+ ps_process_pattern($2, xauth_t)
allow $2 xauth_home_t:file manage_file_perms;
allow $2 xauth_home_t:file { relabelfrom relabelto };
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 260252d..c656d42 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -191,7 +191,7 @@ type xserver_exec_t;
typealias xserver_t alias { user_xserver_t staff_xserver_t sysadm_xserver_t };
typealias xserver_t alias { auditadm_xserver_t secadm_xserver_t };
xserver_object_types_template(xdm)
-xserver_common_x_domain_template(xdm,xdm_t)
+xserver_common_x_domain_template(xdm, xdm_t)
init_system_domain(xserver_t, xserver_exec_t)
ubac_constrained(xserver_t)
@@ -215,8 +215,8 @@ type xserver_log_t;
logging_log_file(xserver_log_t)
ifdef(`enable_mcs',`
- init_ranged_domain(xdm_t,xdm_exec_t,s0 - mcs_systemhigh)
- init_ranged_daemon_domain(xdm_t,xdm_exec_t,s0 - mcs_systemhigh)
+ init_ranged_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(xdm_t, xdm_exec_t, s0 - mcs_systemhigh)
')
optional_policy(`
@@ -360,11 +360,11 @@ allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
allow xdm_t xserver_t:shm rw_shm_perms;
# connect to xdm xserver over stream socket
-stream_connect_pattern(xdm_t,xserver_tmp_t,xserver_tmp_t,xserver_t)
+stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
# Remove /tmp/.X11-unix/X0.
-delete_files_pattern(xdm_t,xserver_tmp_t,xserver_tmp_t)
-delete_sock_files_pattern(xdm_t,xserver_tmp_t,xserver_tmp_t)
+delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
+delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
manage_dirs_pattern(xdm_t, xserver_log_t, xserver_log_t)
manage_files_pattern(xdm_t, xserver_log_t, xserver_log_t)
@@ -473,7 +473,7 @@ userdom_read_user_home_content_files(xdm_t)
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
-xserver_rw_session(xdm_t,xdm_tmpfs_t)
+xserver_rw_session(xdm_t, xdm_tmpfs_t)
xserver_unconfined(xdm_t)
tunable_policy(`use_nfs_home_dirs',`
@@ -622,7 +622,7 @@ manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
manage_sock_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
files_tmp_filetrans(xserver_t, xserver_tmp_t, { file dir sock_file })
-filetrans_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t,sock_file)
+filetrans_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t, sock_file)
manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
@@ -637,7 +637,7 @@ files_search_var_lib(xserver_t)
# Create files in /var/log with the xserver_log_t type.
manage_files_pattern(xserver_t, xserver_log_t, xserver_log_t)
-logging_log_filetrans(xserver_t, xserver_log_t,file)
+logging_log_filetrans(xserver_t, xserver_log_t, file)
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
diff --git a/policy/modules/services/zebra.fc b/policy/modules/services/zebra.fc
index 73c2f74..e1b30b2 100644
--- a/policy/modules/services/zebra.fc
+++ b/policy/modules/services/zebra.fc
@@ -11,7 +11,7 @@
/etc/quagga(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
/etc/zebra(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
-/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
+/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
/var/log/quagga(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
diff --git a/policy/modules/services/zosremote.if b/policy/modules/services/zosremote.if
index 84d4ddf..f2f2389 100644
--- a/policy/modules/services/zosremote.if
+++ b/policy/modules/services/zosremote.if
@@ -2,20 +2,20 @@
########################################
##
-## Execute a domain transition to run audispd-zos-remote.
+## Execute a domain transition to run audispd-zos-remote.
##
##
##
-## Domain allowed to transition.
+## Domain allowed to transition.
##
##
#
interface(`zosremote_domtrans',`
- gen_require(`
- type zos_remote_t, zos_remote_exec_t;
- ')
+ gen_require(`
+ type zos_remote_t, zos_remote_exec_t;
+ ')
- domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
+ domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
')
########################################
diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te
index b14091c..c80f2ce 100644
--- a/policy/modules/system/application.te
+++ b/policy/modules/system/application.te
@@ -1,5 +1,5 @@
-policy_module(application,1.1.0)
+policy_module(application, 1.1.0)
# Attribute of user applications
attribute application_domain_type;
@@ -11,4 +11,3 @@ optional_policy(`
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
')
-
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index a18d1f2..8d1d529 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -125,7 +125,7 @@ interface(`auth_login_entry_type',`
type login_exec_t;
')
- domain_entry_file($1,login_exec_t)
+ domain_entry_file($1, login_exec_t)
')
########################################
@@ -149,7 +149,7 @@ interface(`auth_domtrans_login_program',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,login_exec_t,$2)
+ domtrans_pattern($1, login_exec_t,$2)
')
########################################
@@ -204,7 +204,7 @@ interface(`auth_search_cache',`
type auth_cache_t;
')
- allow $1 auth_cache_t:dir search_dir_perms;
+ allow $1 auth_cache_t:dir search_dir_perms;
')
########################################
@@ -222,7 +222,7 @@ interface(`auth_read_cache',`
type auth_cache_t;
')
- read_files_pattern($1, auth_cache_t, auth_cache_t)
+ read_files_pattern($1, auth_cache_t, auth_cache_t)
')
########################################
@@ -240,7 +240,7 @@ interface(`auth_rw_cache',`
type auth_cache_t;
')
- rw_files_pattern($1, auth_cache_t, auth_cache_t)
+ rw_files_pattern($1, auth_cache_t, auth_cache_t)
')
########################################
@@ -258,7 +258,7 @@ interface(`auth_manage_cache',`
type auth_cache_t;
')
- manage_files_pattern($1, auth_cache_t, auth_cache_t)
+ manage_files_pattern($1, auth_cache_t, auth_cache_t)
')
#######################################
@@ -276,7 +276,7 @@ interface(`auth_var_filetrans_cache',`
type auth_cache_t;
')
- files_var_filetrans($1,auth_cache_t,{ file dir } )
+ files_var_filetrans($1, auth_cache_t, { file dir } )
')
########################################
@@ -369,7 +369,7 @@ interface(`auth_domtrans_upd_passwd',`
type updpwd_t, updpwd_exec_t;
')
- domtrans_pattern($1,updpwd_exec_t,updpwd_t)
+ domtrans_pattern($1, updpwd_exec_t, updpwd_t)
auth_dontaudit_read_shadow($1)
')
@@ -585,7 +585,7 @@ interface(`auth_etc_filetrans_shadow',`
type shadow_t;
')
- files_etc_filetrans($1,shadow_t,file)
+ files_etc_filetrans($1, shadow_t, file)
')
#######################################
@@ -743,7 +743,7 @@ interface(`auth_domtrans_pam',`
type pam_t, pam_exec_t;
')
- domtrans_pattern($1,pam_exec_t,pam_t)
+ domtrans_pattern($1, pam_exec_t, pam_t)
')
########################################
@@ -803,7 +803,7 @@ interface(`auth_exec_pam',`
type pam_exec_t;
')
- can_exec($1,pam_exec_t)
+ can_exec($1, pam_exec_t)
')
########################################
@@ -921,7 +921,7 @@ interface(`auth_domtrans_pam_console',`
type pam_console_t, pam_console_exec_t;
')
- domtrans_pattern($1,pam_console_exec_t,pam_console_t)
+ domtrans_pattern($1, pam_console_exec_t, pam_console_t)
')
########################################
@@ -1001,8 +1001,8 @@ interface(`auth_manage_pam_console_data',`
')
files_search_pids($1)
- manage_files_pattern($1,pam_var_console_t,pam_var_console_t)
- manage_lnk_files_pattern($1,pam_var_console_t,pam_var_console_t)
+ manage_files_pattern($1, pam_var_console_t, pam_var_console_t)
+ manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t)
')
#######################################
@@ -1022,7 +1022,7 @@ interface(`auth_delete_pam_console_data',`
files_search_var($1)
files_search_pids($1)
- delete_files_pattern($1,pam_var_console_t,pam_var_console_t)
+ delete_files_pattern($1, pam_var_console_t, pam_var_console_t)
')
########################################
@@ -1168,7 +1168,7 @@ interface(`auth_domtrans_utempter',`
type utempter_t, utempter_exec_t;
')
- domtrans_pattern($1,utempter_exec_t,utempter_t)
+ domtrans_pattern($1, utempter_exec_t, utempter_t)
')
########################################
@@ -1343,7 +1343,7 @@ interface(`auth_log_filetrans_login_records',`
type wtmp_t;
')
- logging_log_filetrans($1,wtmp_t,file)
+ logging_log_filetrans($1, wtmp_t, file)
')
########################################
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 7542302..98eee68 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -31,7 +31,7 @@ application_executable_file(login_exec_t)
type pam_console_t;
type pam_console_exec_t;
-init_system_domain(pam_console_t,pam_console_exec_t)
+init_system_domain(pam_console_t, pam_console_exec_t)
role system_r types pam_console_t;
type pam_t;
@@ -39,7 +39,7 @@ domain_type(pam_t)
role system_r types pam_t;
type pam_exec_t;
-domain_entry_file(pam_t,pam_exec_t)
+domain_entry_file(pam_t, pam_exec_t)
type pam_tmp_t;
files_tmp_file(pam_tmp_t)
@@ -59,13 +59,13 @@ neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
type updpwd_t;
type updpwd_exec_t;
domain_type(updpwd_t)
-domain_entry_file(updpwd_t,updpwd_exec_t)
+domain_entry_file(updpwd_t, updpwd_exec_t)
domain_obj_id_change_exemption(updpwd_t)
role system_r types updpwd_t;
type utempter_t;
type utempter_exec_t;
-application_domain(utempter_t,utempter_exec_t)
+application_domain(utempter_t, utempter_exec_t)
#
# var_auth_t is the type of /var/lib/auth, usually
@@ -147,8 +147,8 @@ allow pam_t self:sem create_sem_perms;
allow pam_t self:msgq create_msgq_perms;
allow pam_t self:msg { send receive };
-delete_files_pattern(pam_t,pam_var_run_t,pam_var_run_t)
-read_files_pattern(pam_t,pam_var_run_t,pam_var_run_t)
+delete_files_pattern(pam_t, pam_var_run_t, pam_var_run_t)
+read_files_pattern(pam_t, pam_var_run_t, pam_var_run_t)
files_list_pids(pam_t)
allow pam_t pam_tmp_t:dir manage_dir_perms;
@@ -193,8 +193,8 @@ dontaudit pam_console_t self:capability sys_tty_config;
allow pam_console_t self:process { sigchld sigkill sigstop signull signal };
# for /var/run/console.lock checking
-read_files_pattern(pam_console_t,pam_var_console_t,pam_var_console_t)
-read_lnk_files_pattern(pam_console_t,pam_var_console_t,pam_var_console_t)
+read_files_pattern(pam_console_t, pam_var_console_t, pam_var_console_t)
+read_lnk_files_pattern(pam_console_t, pam_var_console_t, pam_var_console_t)
dontaudit pam_console_t pam_var_console_t:file write;
kernel_read_kernel_sysctls(pam_console_t)
diff --git a/policy/modules/system/clock.if b/policy/modules/system/clock.if
index f76522e..4cf09f6 100644
--- a/policy/modules/system/clock.if
+++ b/policy/modules/system/clock.if
@@ -15,7 +15,7 @@ interface(`clock_domtrans',`
type hwclock_t, hwclock_exec_t;
')
- domtrans_pattern($1,hwclock_exec_t,hwclock_t)
+ domtrans_pattern($1, hwclock_exec_t, hwclock_t)
')
########################################
@@ -59,7 +59,7 @@ interface(`clock_exec',`
type hwclock_exec_t;
')
- can_exec($1,hwclock_exec_t)
+ can_exec($1, hwclock_exec_t)
')
########################################
diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te
index 1cc3ae9..e935c7c 100644
--- a/policy/modules/system/clock.te
+++ b/policy/modules/system/clock.te
@@ -11,7 +11,7 @@ files_type(adjtime_t)
type hwclock_t;
type hwclock_exec_t;
-init_system_domain(hwclock_t,hwclock_exec_t)
+init_system_domain(hwclock_t, hwclock_exec_t)
role system_r types hwclock_t;
########################################
diff --git a/policy/modules/system/daemontools.te b/policy/modules/system/daemontools.te
index 287b191..1e57404 100644
--- a/policy/modules/system/daemontools.te
+++ b/policy/modules/system/daemontools.te
@@ -1,5 +1,5 @@
-policy_module(daemontools,1.2.0)
+policy_module(daemontools, 1.2.0)
########################################
#
@@ -14,18 +14,18 @@ files_type(svc_log_t)
type svc_multilog_t;
type svc_multilog_exec_t;
-application_domain(svc_multilog_t,svc_multilog_exec_t)
+application_domain(svc_multilog_t, svc_multilog_exec_t)
role system_r types svc_multilog_t;
type svc_run_t;
type svc_run_exec_t;
-application_domain(svc_run_t,svc_run_exec_t)
+application_domain(svc_run_t, svc_run_exec_t)
role system_r types svc_run_t;
type svc_start_t;
type svc_start_exec_t;
-init_domain(svc_start_t,svc_start_exec_t)
-init_system_domain(svc_start_t,svc_start_exec_t)
+init_domain(svc_start_t, svc_start_exec_t)
+init_system_domain(svc_start_t, svc_start_exec_t)
role system_r types svc_start_t;
type svc_svc_t;
@@ -37,7 +37,7 @@ files_type(svc_svc_t)
#
# multilog creates /service/*/log/status
-manage_files_pattern(svc_multilog_t,svc_svc_t,svc_svc_t)
+manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
init_use_fds(svc_multilog_t)
diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if
index 732b54a..1c51b4b 100644
--- a/policy/modules/system/fstools.if
+++ b/policy/modules/system/fstools.if
@@ -16,7 +16,7 @@ interface(`fstools_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,fsadm_exec_t,fsadm_t)
+ domtrans_pattern($1, fsadm_exec_t, fsadm_t)
')
########################################
@@ -60,7 +60,7 @@ interface(`fstools_exec',`
type fsadm_exec_t;
')
- can_exec($1,fsadm_exec_t)
+ can_exec($1, fsadm_exec_t)
')
########################################
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 2ae2f1c..e204c3a 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -8,7 +8,7 @@ policy_module(fstools, 1.12.1)
type fsadm_t;
type fsadm_exec_t;
-init_system_domain(fsadm_t,fsadm_exec_t)
+init_system_domain(fsadm_t, fsadm_exec_t)
role system_r types fsadm_t;
type fsadm_log_t;
@@ -48,8 +48,8 @@ files_tmp_filetrans(fsadm_t, fsadm_tmp_t, { file dir })
# log files
allow fsadm_t fsadm_log_t:dir setattr;
-manage_files_pattern(fsadm_t,fsadm_log_t,fsadm_log_t)
-logging_log_filetrans(fsadm_t,fsadm_log_t,file)
+manage_files_pattern(fsadm_t, fsadm_log_t, fsadm_log_t)
+logging_log_filetrans(fsadm_t, fsadm_log_t, file)
# Enable swapping to files
allow fsadm_t swapfile_t:file { rw_file_perms swapon };
@@ -127,7 +127,7 @@ files_manage_lost_found(fsadm_t)
files_manage_isid_type_dirs(fsadm_t)
# Write to /etc/mtab.
files_manage_etc_runtime_files(fsadm_t)
-files_etc_filetrans_etc_runtime(fsadm_t,file)
+files_etc_filetrans_etc_runtime(fsadm_t, file)
# Access to /initrd devices
files_rw_isid_type_dirs(fsadm_t)
files_rw_isid_type_blk_files(fsadm_t)
@@ -174,7 +174,7 @@ optional_policy(`
optional_policy(`
# for smartctl cron jobs
- cron_system_entry(fsadm_t,fsadm_exec_t)
+ cron_system_entry(fsadm_t, fsadm_exec_t)
')
optional_policy(`
diff --git a/policy/modules/system/getty.if b/policy/modules/system/getty.if
index 9ae3682..b2b003d 100644
--- a/policy/modules/system/getty.if
+++ b/policy/modules/system/getty.if
@@ -16,7 +16,7 @@ interface(`getty_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,getty_exec_t,getty_t)
+ domtrans_pattern($1, getty_exec_t, getty_t)
')
########################################
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te
index 077e95d..dc4a1e8 100644
--- a/policy/modules/system/getty.te
+++ b/policy/modules/system/getty.te
@@ -8,7 +8,7 @@ policy_module(getty, 1.7.0)
type getty_t;
type getty_exec_t;
-init_domain(getty_t,getty_exec_t)
+init_domain(getty_t, getty_exec_t)
init_system_domain(getty_t, getty_exec_t)
domain_interactive_fd(getty_t)
@@ -39,22 +39,22 @@ dontaudit getty_t self:capability sys_tty_config;
allow getty_t self:process { getpgid setpgid getsession signal_perms };
allow getty_t self:fifo_file rw_fifo_file_perms;
-read_files_pattern(getty_t,getty_etc_t,getty_etc_t)
-read_lnk_files_pattern(getty_t,getty_etc_t,getty_etc_t)
-files_etc_filetrans(getty_t,getty_etc_t,{ file dir })
+read_files_pattern(getty_t, getty_etc_t, getty_etc_t)
+read_lnk_files_pattern(getty_t, getty_etc_t, getty_etc_t)
+files_etc_filetrans(getty_t, getty_etc_t,{ file dir })
allow getty_t getty_lock_t:file manage_file_perms;
-files_lock_filetrans(getty_t,getty_lock_t,file)
+files_lock_filetrans(getty_t, getty_lock_t, file)
allow getty_t getty_log_t:file manage_file_perms;
-logging_log_filetrans(getty_t,getty_log_t,file)
+logging_log_filetrans(getty_t, getty_log_t, file)
allow getty_t getty_tmp_t:file manage_file_perms;
allow getty_t getty_tmp_t:dir manage_dir_perms;
-files_tmp_filetrans(getty_t,getty_tmp_t,{ file dir })
+files_tmp_filetrans(getty_t, getty_tmp_t, { file dir })
-manage_files_pattern(getty_t,getty_var_run_t,getty_var_run_t)
-files_pid_filetrans(getty_t,getty_var_run_t,file)
+manage_files_pattern(getty_t, getty_var_run_t, getty_var_run_t)
+files_pid_filetrans(getty_t, getty_var_run_t, file)
kernel_list_proc(getty_t)
kernel_read_proc_symlinks(getty_t)
diff --git a/policy/modules/system/hostname.if b/policy/modules/system/hostname.if
index 1ce151a..8fdea3b 100644
--- a/policy/modules/system/hostname.if
+++ b/policy/modules/system/hostname.if
@@ -16,7 +16,7 @@ interface(`hostname_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,hostname_exec_t,hostname_t)
+ domtrans_pattern($1, hostname_exec_t, hostname_t)
')
########################################
@@ -61,5 +61,5 @@ interface(`hostname_exec',`
')
corecmd_search_bin($1)
- can_exec($1,hostname_exec_t)
+ can_exec($1, hostname_exec_t)
')
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index bf6bc23..7cdd8a7 100644
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@@ -8,7 +8,7 @@ policy_module(hostname, 1.6.0)
type hostname_t;
type hostname_exec_t;
-init_system_domain(hostname_t,hostname_exec_t)
+init_system_domain(hostname_t, hostname_exec_t)
role system_r types hostname_t;
########################################
diff --git a/policy/modules/system/hotplug.if b/policy/modules/system/hotplug.if
index 3741a18..321d2e6 100644
--- a/policy/modules/system/hotplug.if
+++ b/policy/modules/system/hotplug.if
@@ -19,7 +19,7 @@ interface(`hotplug_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,hotplug_exec_t,hotplug_t)
+ domtrans_pattern($1, hotplug_exec_t, hotplug_t)
')
########################################
@@ -38,7 +38,7 @@ interface(`hotplug_exec',`
')
corecmd_search_bin($1)
- can_exec($1,hotplug_exec_t)
+ can_exec($1, hotplug_exec_t)
')
########################################
@@ -151,8 +151,8 @@ interface(`hotplug_read_config',`
files_search_etc($1)
allow $1 hotplug_etc_t:dir list_dir_perms;
- read_files_pattern($1,hotplug_etc_t,hotplug_etc_t)
- read_lnk_files_pattern($1,hotplug_etc_t,hotplug_etc_t)
+ read_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
+ read_lnk_files_pattern($1, hotplug_etc_t, hotplug_etc_t)
')
########################################
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index 6e01745..12a3cb6 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -8,12 +8,12 @@ policy_module(hotplug, 1.11.2)
type hotplug_t;
type hotplug_exec_t;
-kernel_domtrans_to(hotplug_t,hotplug_exec_t)
-init_daemon_domain(hotplug_t,hotplug_exec_t)
+kernel_domtrans_to(hotplug_t, hotplug_exec_t)
+init_daemon_domain(hotplug_t, hotplug_exec_t)
type hotplug_etc_t;
files_config_file(hotplug_etc_t)
-init_daemon_domain(hotplug_t,hotplug_etc_t)
+init_daemon_domain(hotplug_t, hotplug_etc_t)
type hotplug_var_run_t;
files_pid_file(hotplug_var_run_t)
@@ -33,15 +33,15 @@ allow hotplug_t self:netlink_route_socket r_netlink_socket_perms;
allow hotplug_t self:udp_socket create_socket_perms;
allow hotplug_t self:tcp_socket connected_stream_socket_perms;
-read_files_pattern(hotplug_t,hotplug_etc_t,hotplug_etc_t)
-read_lnk_files_pattern(hotplug_t,hotplug_etc_t,hotplug_etc_t)
-can_exec(hotplug_t,hotplug_etc_t)
+read_files_pattern(hotplug_t, hotplug_etc_t, hotplug_etc_t)
+read_lnk_files_pattern(hotplug_t, hotplug_etc_t, hotplug_etc_t)
+can_exec(hotplug_t, hotplug_etc_t)
allow hotplug_t hotplug_etc_t:dir list_dir_perms;
-can_exec(hotplug_t,hotplug_exec_t)
+can_exec(hotplug_t, hotplug_exec_t)
-manage_files_pattern(hotplug_t,hotplug_var_run_t,hotplug_var_run_t)
-files_pid_filetrans(hotplug_t,hotplug_var_run_t,file)
+manage_files_pattern(hotplug_t, hotplug_var_run_t, hotplug_var_run_t)
+files_pid_filetrans(hotplug_t, hotplug_var_run_t, file)
kernel_sigchld(hotplug_t)
kernel_setpgid(hotplug_t)
@@ -83,7 +83,7 @@ domain_dontaudit_getattr_all_domains(hotplug_t)
files_read_etc_files(hotplug_t)
files_manage_etc_runtime_files(hotplug_t)
-files_etc_filetrans_etc_runtime(hotplug_t,file)
+files_etc_filetrans_etc_runtime(hotplug_t, file)
files_exec_etc_files(hotplug_t)
# for when filesystems are not mounted early in the boot:
files_dontaudit_search_isid_type_dirs(hotplug_t)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 5f9f21e..7637333 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -334,7 +334,7 @@ interface(`init_domtrans',`
type init_t, init_exec_t;
')
- domtrans_pattern($1,init_exec_t,init_t)
+ domtrans_pattern($1, init_exec_t, init_t)
')
########################################
@@ -354,7 +354,7 @@ interface(`init_exec',`
')
corecmd_search_bin($1)
- can_exec($1,init_exec_t)
+ can_exec($1, init_exec_t)
')
########################################
@@ -604,7 +604,7 @@ interface(`init_script_file_entry_type',`
type initrc_exec_t;
')
- domain_entry_file($1,initrc_exec_t)
+ domain_entry_file($1, initrc_exec_t)
')
########################################
@@ -623,7 +623,7 @@ interface(`init_spec_domtrans_script',`
')
files_list_etc($1)
- spec_domtrans_pattern($1,initrc_exec_t,initrc_t)
+ spec_domtrans_pattern($1, initrc_exec_t, initrc_t)
ifdef(`enable_mcs',`
range_transition $1 initrc_exec_t:process s0;
@@ -650,7 +650,7 @@ interface(`init_domtrans_script',`
')
files_list_etc($1)
- domtrans_pattern($1,initrc_exec_t,initrc_t)
+ domtrans_pattern($1, initrc_exec_t, initrc_t)
ifdef(`enable_mcs',`
range_transition $1 initrc_exec_t:process s0;
@@ -692,7 +692,7 @@ interface(`init_script_file_domtrans',`
')
files_list_etc($1)
- domain_auto_trans($1,initrc_exec_t,$2)
+ domain_auto_trans($1, initrc_exec_t,$2)
')
########################################
@@ -863,7 +863,7 @@ interface(`init_exec_script_files',`
')
files_list_etc($1)
- can_exec($1,initrc_exec_t)
+ can_exec($1, initrc_exec_t)
')
########################################
@@ -939,9 +939,9 @@ interface(`init_read_script_state',`
')
kernel_search_proc($1)
- read_files_pattern($1,initrc_t,initrc_t)
- read_lnk_files_pattern($1,initrc_t,initrc_t)
- list_dirs_pattern($1,initrc_t,initrc_t)
+ read_files_pattern($1, initrc_t, initrc_t)
+ read_lnk_files_pattern($1, initrc_t, initrc_t)
+ list_dirs_pattern($1, initrc_t, initrc_t)
# should move this to separate interface
allow $1 initrc_t:process getattr;
@@ -1247,7 +1247,7 @@ interface(`init_getattr_script_status_files',`
type initrc_state_t;
')
- getattr_files_pattern($1,initrc_state_t,initrc_state_t)
+ getattr_files_pattern($1, initrc_state_t, initrc_state_t)
')
########################################
@@ -1286,7 +1286,7 @@ interface(`init_rw_script_tmp_files',`
')
files_search_tmp($1)
- rw_files_pattern($1,initrc_tmp_t,initrc_tmp_t)
+ rw_files_pattern($1, initrc_tmp_t, initrc_tmp_t)
')
########################################
@@ -1316,7 +1316,7 @@ interface(`init_script_tmp_filetrans',`
')
files_search_tmp($1)
- filetrans_pattern($1,initrc_tmp_t,$2,$3)
+ filetrans_pattern($1, initrc_tmp_t, $2, $3)
')
########################################
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index f954c0c..fbea5b1 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -15,7 +15,7 @@ gen_require(`
## Enable support for upstart as the init program.
##
##
-gen_tunable(init_upstart,false)
+gen_tunable(init_upstart, false)
# used for direct running of init scripts
# by admin domains
@@ -36,8 +36,8 @@ attribute daemon;
type init_t;
type init_exec_t;
domain_type(init_t)
-domain_entry_file(init_t,init_exec_t)
-kernel_domtrans_to(init_t,init_exec_t)
+domain_entry_file(init_t, init_exec_t)
+kernel_domtrans_to(init_t, init_exec_t)
role system_r types init_t;
#
@@ -58,7 +58,7 @@ mls_trusted_object(initctl_t)
type initrc_t, init_script_domain_type, init_run_all_scripts_domain;
type initrc_exec_t, init_script_file_type;
domain_type(initrc_t)
-domain_entry_file(initrc_t,initrc_exec_t)
+domain_entry_file(initrc_t, initrc_exec_t)
role system_r types initrc_t;
# should be part of the true block
# of the below init_upstart tunable
@@ -79,7 +79,7 @@ type initrc_var_run_t;
files_pid_file(initrc_var_run_t)
ifdef(`enable_mls',`
- kernel_ranged_domtrans_to(init_t,init_exec_t,s0 - mls_systemhigh)
+ kernel_ranged_domtrans_to(init_t, init_exec_t, s0 - mls_systemhigh)
')
########################################
@@ -99,16 +99,16 @@ allow init_t self:capability ~sys_module;
allow init_t self:fifo_file rw_fifo_file_perms;
# Re-exec itself
-can_exec(init_t,init_exec_t)
+can_exec(init_t, init_exec_t)
allow init_t initrc_t:unix_stream_socket connectto;
# For /var/run/shutdown.pid.
allow init_t init_var_run_t:file manage_file_perms;
-files_pid_filetrans(init_t,init_var_run_t,file)
+files_pid_filetrans(init_t, init_var_run_t, file)
allow init_t initctl_t:fifo_file manage_fifo_file_perms;
-dev_filetrans(init_t,initctl_t,fifo_file)
+dev_filetrans(init_t, initctl_t, fifo_file)
fs_associate_tmpfs(initctl_t)
# Modify utmp.
@@ -133,7 +133,7 @@ files_read_etc_files(init_t)
files_rw_generic_pids(init_t)
files_dontaudit_search_isid_type_dirs(init_t)
files_manage_etc_runtime_files(init_t)
-files_etc_filetrans_etc_runtime(init_t,file)
+files_etc_filetrans_etc_runtime(init_t, file)
# Run /etc/X11/prefdm:
files_exec_etc_files(init_t)
# file descriptors inherited from the rootfs:
@@ -173,11 +173,11 @@ ifdef(`distro_gentoo',`
ifdef(`distro_redhat',`
fs_rw_tmpfs_chr_files(init_t)
- fs_tmpfs_filetrans(init_t,initctl_t,fifo_file)
+ fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
')
tunable_policy(`init_upstart',`
- corecmd_shell_domtrans(init_t,initrc_t)
+ corecmd_shell_domtrans(init_t, initrc_t)
',`
# Run the shell in the sysadm role for single-user mode.
# causes problems with upstart
@@ -214,7 +214,7 @@ allow initrc_t self:udp_socket create_socket_perms;
allow initrc_t self:fifo_file rw_file_perms;
allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
-term_create_pty(initrc_t,initrc_devpts_t)
+term_create_pty(initrc_t, initrc_devpts_t)
# Going to single user mode
init_exec(initrc_t)
@@ -223,18 +223,18 @@ can_exec(initrc_t, init_script_file_type)
domtrans_pattern(init_run_all_scripts_domain, initrc_exec_t, initrc_t)
-manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
-manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
-manage_lnk_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
-manage_fifo_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
+manage_dirs_pattern(initrc_t, initrc_state_t, initrc_state_t)
+manage_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+manage_lnk_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms;
-files_pid_filetrans(initrc_t,initrc_var_run_t,file)
+files_pid_filetrans(initrc_t, initrc_var_run_t, file)
-can_exec(initrc_t,initrc_tmp_t)
+can_exec(initrc_t, initrc_tmp_t)
allow initrc_t initrc_tmp_t:file manage_file_perms;
allow initrc_t initrc_tmp_t:dir manage_dir_perms;
-files_tmp_filetrans(initrc_t,initrc_tmp_t, { file dir })
+files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir })
init_write_initctl(initrc_t)
@@ -349,7 +349,7 @@ files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t)
files_manage_etc_runtime_files(initrc_t)
-files_etc_filetrans_etc_runtime(initrc_t,file)
+files_etc_filetrans_etc_runtime(initrc_t, file)
files_manage_generic_locks(initrc_t)
files_exec_etc_files(initrc_t)
files_read_usr_files(initrc_t)
@@ -391,7 +391,7 @@ userdom_use_user_terminals(initrc_t)
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
- fs_tmpfs_filetrans(initrc_t,initrc_var_run_t,dir)
+ fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
# for storing state under /dev/shm
fs_setattr_tmpfs_dirs(initrc_t)
@@ -420,7 +420,7 @@ ifdef(`distro_gentoo',`
# needed until baselayout is fixed to have the
# restorecon on /dev to again be immediately after
# mounting tmpfs on /dev
- fs_tmpfs_filetrans(initrc_t,initrc_state_t,file)
+ fs_tmpfs_filetrans(initrc_t, initrc_state_t, file)
# init scripts touch this
clock_dontaudit_write_adjtime(initrc_t)
@@ -735,7 +735,7 @@ optional_policy(`
optional_policy(`
# allow init scripts to su
- su_restricted_domain_template(initrc,initrc_t,system_r)
+ su_restricted_domain_template(initrc, initrc_t, system_r)
')
optional_policy(`
diff --git a/policy/modules/system/ipsec.if b/policy/modules/system/ipsec.if
index 27cacf5..a162c77 100644
--- a/policy/modules/system/ipsec.if
+++ b/policy/modules/system/ipsec.if
@@ -15,7 +15,7 @@ interface(`ipsec_domtrans',`
type ipsec_t, ipsec_exec_t;
')
- domtrans_pattern($1,ipsec_exec_t,ipsec_t)
+ domtrans_pattern($1, ipsec_exec_t, ipsec_t)
')
########################################
@@ -34,7 +34,7 @@ interface(`ipsec_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,ipsec_var_run_t,ipsec_var_run_t,ipsec_t)
+ stream_connect_pattern($1, ipsec_var_run_t, ipsec_var_run_t, ipsec_t)
')
########################################
@@ -70,7 +70,7 @@ interface(`ipsec_exec_mgmt',`
type ipsec_exec_t;
')
- can_exec($1,ipsec_exec_t)
+ can_exec($1, ipsec_exec_t)
')
########################################
@@ -166,7 +166,7 @@ interface(`ipsec_manage_pid',`
')
files_search_pids($1)
- manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
+ manage_files_pattern($1, ipsec_var_run_t, ipsec_var_run_t)
')
########################################
@@ -184,7 +184,7 @@ interface(`ipsec_domtrans_racoon',`
type racoon_t, racoon_exec_t;
')
- domtrans_pattern($1,racoon_exec_t,racoon_t)
+ domtrans_pattern($1, racoon_exec_t, racoon_t)
')
########################################
@@ -202,7 +202,7 @@ interface(`ipsec_domtrans_setkey',`
type setkey_t, setkey_exec_t;
')
- domtrans_pattern($1,setkey_exec_t,setkey_t)
+ domtrans_pattern($1, setkey_exec_t, setkey_t)
')
########################################
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 4f9df30..bc0fd7f 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -8,7 +8,7 @@ policy_module(ipsec, 1.9.1)
type ipsec_t;
type ipsec_exec_t;
-init_daemon_domain(ipsec_t,ipsec_exec_t)
+init_daemon_domain(ipsec_t, ipsec_exec_t)
role system_r types ipsec_t;
# type for ipsec configuration file(s) - not for keys
@@ -28,7 +28,7 @@ files_pid_file(ipsec_var_run_t)
type ipsec_mgmt_t;
type ipsec_mgmt_exec_t;
-init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)
+init_system_domain(ipsec_mgmt_t, ipsec_mgmt_exec_t)
corecmd_shell_entry_type(ipsec_mgmt_t)
role system_r types ipsec_mgmt_t;
@@ -40,12 +40,12 @@ files_pid_file(ipsec_mgmt_var_run_t)
type racoon_t;
type racoon_exec_t;
-init_daemon_domain(racoon_t,racoon_exec_t)
+init_daemon_domain(racoon_t, racoon_exec_t)
role system_r types racoon_t;
type setkey_t;
type setkey_exec_t;
-init_system_domain(setkey_t,setkey_exec_t)
+init_system_domain(setkey_t, setkey_exec_t)
role system_r types setkey_t;
########################################
@@ -63,12 +63,12 @@ allow ipsec_t self:fifo_file read_fifo_file_perms;
allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
allow ipsec_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(ipsec_t,ipsec_conf_file_t,ipsec_conf_file_t)
-read_lnk_files_pattern(ipsec_t,ipsec_conf_file_t,ipsec_conf_file_t)
+read_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
+read_lnk_files_pattern(ipsec_t, ipsec_conf_file_t, ipsec_conf_file_t)
allow ipsec_t ipsec_key_file_t:dir list_dir_perms;
-read_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
-read_lnk_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
+read_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
+read_lnk_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
manage_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
manage_sock_files_pattern(ipsec_t, ipsec_var_run_t, ipsec_var_run_t)
@@ -80,7 +80,7 @@ can_exec(ipsec_t, ipsec_mgmt_exec_t)
# a shell script, we need to find a way to make things work without
# letting all sorts of stuff possibly be run...
# so try flipping back into the ipsec_mgmt_t domain
-corecmd_shell_domtrans(ipsec_t,ipsec_mgmt_t)
+corecmd_shell_domtrans(ipsec_t, ipsec_mgmt_t)
allow ipsec_mgmt_t ipsec_t:fd use;
allow ipsec_mgmt_t ipsec_t:fifo_file rw_file_perms;
allow ipsec_mgmt_t ipsec_t:process sigchld;
@@ -162,21 +162,21 @@ allow ipsec_mgmt_t self:key_socket create_socket_perms;
allow ipsec_mgmt_t self:fifo_file rw_file_perms;
allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
-files_lock_filetrans(ipsec_mgmt_t,ipsec_mgmt_lock_t,file)
+files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
allow ipsec_mgmt_t ipsec_mgmt_var_run_t:file manage_file_perms;
-files_pid_filetrans(ipsec_mgmt_t,ipsec_mgmt_var_run_t,file)
+files_pid_filetrans(ipsec_mgmt_t, ipsec_mgmt_var_run_t, file)
-manage_files_pattern(ipsec_mgmt_t,ipsec_var_run_t,ipsec_var_run_t)
-manage_lnk_files_pattern(ipsec_mgmt_t,ipsec_var_run_t,ipsec_var_run_t)
+manage_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
+manage_lnk_files_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t)
allow ipsec_mgmt_t ipsec_var_run_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(ipsec_mgmt_t,ipsec_var_run_t,sock_file)
+files_pid_filetrans(ipsec_mgmt_t, ipsec_var_run_t, sock_file)
# _realsetup needs to be able to cat /var/run/pluto.pid,
# run ps on that pid, and delete the file
-read_files_pattern(ipsec_mgmt_t,ipsec_t,ipsec_t)
-read_lnk_files_pattern(ipsec_mgmt_t,ipsec_t,ipsec_t)
+read_files_pattern(ipsec_mgmt_t, ipsec_t, ipsec_t)
+read_lnk_files_pattern(ipsec_mgmt_t, ipsec_t, ipsec_t)
# logger, running in ipsec_mgmt_t needs to use sockets
allow ipsec_mgmt_t self:unix_dgram_socket { create connect write };
@@ -184,18 +184,18 @@ allow ipsec_mgmt_t ipsec_t:unix_dgram_socket { create connect write };
allow ipsec_mgmt_t ipsec_conf_file_t:file read_file_perms;
-manage_files_pattern(ipsec_mgmt_t,ipsec_key_file_t,ipsec_key_file_t)
-manage_lnk_files_pattern(ipsec_mgmt_t,ipsec_key_file_t,ipsec_key_file_t)
-files_etc_filetrans(ipsec_mgmt_t,ipsec_key_file_t,file)
+manage_files_pattern(ipsec_mgmt_t, ipsec_key_file_t, ipsec_key_file_t)
+manage_lnk_files_pattern(ipsec_mgmt_t, ipsec_key_file_t, ipsec_key_file_t)
+files_etc_filetrans(ipsec_mgmt_t, ipsec_key_file_t, file)
# whack needs to connect to pluto
-stream_connect_pattern(ipsec_mgmt_t,ipsec_var_run_t,ipsec_var_run_t,ipsec_t)
+stream_connect_pattern(ipsec_mgmt_t, ipsec_var_run_t, ipsec_var_run_t, ipsec_t)
can_exec(ipsec_mgmt_t, ipsec_exec_t)
can_exec(ipsec_mgmt_t, ipsec_mgmt_exec_t)
allow ipsec_mgmt_t ipsec_mgmt_exec_t:lnk_file read;
-domtrans_pattern(ipsec_mgmt_t,ipsec_exec_t,ipsec_t)
+domtrans_pattern(ipsec_mgmt_t, ipsec_exec_t, ipsec_t)
kernel_rw_net_sysctls(ipsec_mgmt_t)
# allow pluto to access /proc/net/ipsec_eroute;
@@ -282,17 +282,17 @@ allow racoon_t self:udp_socket create_socket_perms;
allow racoon_t self:key_socket create_socket_perms;
# manage pid file
-manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
-manage_sock_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
-files_pid_filetrans(racoon_t,ipsec_var_run_t,file)
+manage_files_pattern(racoon_t, ipsec_var_run_t, ipsec_var_run_t)
+manage_sock_files_pattern(racoon_t, ipsec_var_run_t, ipsec_var_run_t)
+files_pid_filetrans(racoon_t, ipsec_var_run_t, file)
allow racoon_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(racoon_t,ipsec_conf_file_t,ipsec_conf_file_t)
-read_lnk_files_pattern(racoon_t,ipsec_conf_file_t,ipsec_conf_file_t)
+read_files_pattern(racoon_t, ipsec_conf_file_t, ipsec_conf_file_t)
+read_lnk_files_pattern(racoon_t, ipsec_conf_file_t, ipsec_conf_file_t)
allow racoon_t ipsec_key_file_t:dir list_dir_perms;
-read_files_pattern(racoon_t,ipsec_key_file_t,ipsec_key_file_t)
-read_lnk_files_pattern(racoon_t,ipsec_key_file_t,ipsec_key_file_t)
+read_files_pattern(racoon_t, ipsec_key_file_t, ipsec_key_file_t)
+read_lnk_files_pattern(racoon_t, ipsec_key_file_t, ipsec_key_file_t)
kernel_read_system_state(racoon_t)
kernel_read_network_state(racoon_t)
@@ -338,8 +338,8 @@ allow setkey_t self:key_socket create_socket_perms;
allow setkey_t self:netlink_route_socket create_netlink_socket_perms;
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
-read_files_pattern(setkey_t,ipsec_conf_file_t,ipsec_conf_file_t)
-read_lnk_files_pattern(setkey_t,ipsec_conf_file_t,ipsec_conf_file_t)
+read_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
+read_lnk_files_pattern(setkey_t, ipsec_conf_file_t, ipsec_conf_file_t)
# allow setkey utility to set contexts on SA's and policy
domain_ipsec_setcontext_all_domains(setkey_t)
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index bab19d2..9012783 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -16,7 +16,7 @@ interface(`iptables_domtrans',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,iptables_exec_t,iptables_t)
+ domtrans_pattern($1, iptables_exec_t, iptables_t)
')
########################################
@@ -67,5 +67,5 @@ interface(`iptables_exec',`
')
corecmd_search_bin($1)
- can_exec($1,iptables_exec_t)
+ can_exec($1, iptables_exec_t)
')
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
index ab529fb..68d022a 100644
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@@ -8,7 +8,7 @@ policy_module(iptables, 1.8.1)
type iptables_t;
type iptables_exec_t;
-init_system_domain(iptables_t,iptables_exec_t)
+init_system_domain(iptables_t, iptables_exec_t)
role system_r types iptables_t;
type iptables_tmp_t;
@@ -28,9 +28,9 @@ allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t self:rawip_socket create_socket_perms;
manage_files_pattern(iptables_t, iptables_var_run_t, iptables_var_run_t)
-files_pid_filetrans(iptables_t,iptables_var_run_t,file)
+files_pid_filetrans(iptables_t, iptables_var_run_t, file)
-can_exec(iptables_t,iptables_exec_t)
+can_exec(iptables_t, iptables_exec_t)
allow iptables_t iptables_tmp_t:dir manage_dir_perms;
allow iptables_t iptables_tmp_t:file manage_file_perms;
diff --git a/policy/modules/system/iscsi.if b/policy/modules/system/iscsi.if
index b8e8f4a..6f0b206 100644
--- a/policy/modules/system/iscsi.if
+++ b/policy/modules/system/iscsi.if
@@ -15,5 +15,5 @@ interface(`iscsid_domtrans',`
type iscsid_t, iscsid_exec_t;
')
- domtrans_pattern($1,iscsid_exec_t,iscsid_t)
+ domtrans_pattern($1, iscsid_exec_t, iscsid_t)
')
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index bfa8bbf..df83ad4 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -47,12 +47,12 @@ allow iscsid_t iscsi_tmp_t:file manage_file_perms;
fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, file )
allow iscsid_t iscsi_var_lib_t:dir list_dir_perms;
-read_files_pattern(iscsid_t,iscsi_var_lib_t,iscsi_var_lib_t)
-read_lnk_files_pattern(iscsid_t,iscsi_var_lib_t,iscsi_var_lib_t)
+read_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
+read_lnk_files_pattern(iscsid_t, iscsi_var_lib_t, iscsi_var_lib_t)
files_search_var_lib(iscsid_t)
-manage_files_pattern(iscsid_t,iscsi_var_run_t,iscsi_var_run_t)
-files_pid_filetrans(iscsid_t,iscsi_var_run_t,file)
+manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
+files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
kernel_read_system_state(iscsid_t)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index 1cfa7c1..f0ff86b 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -42,7 +42,7 @@ ifdef(`distro_redhat',`
/lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
/lib64/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
ifdef(`distro_debian',`
@@ -115,7 +115,7 @@ ifdef(`distro_redhat',`
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -259,7 +259,7 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/lib(64)?/libdvdcss\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?/libdvdcss\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/policy/modules/system/libraries.if b/policy/modules/system/libraries.if
index 7c9b27b..ab261be 100644
--- a/policy/modules/system/libraries.if
+++ b/policy/modules/system/libraries.if
@@ -16,7 +16,7 @@ interface(`libs_domtrans_ldconfig',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,ldconfig_exec_t,ldconfig_t)
+ domtrans_pattern($1, ldconfig_exec_t, ldconfig_t)
')
########################################
@@ -63,8 +63,8 @@ interface(`libs_use_ld_so',`
files_list_etc($1)
allow $1 lib_t:dir list_dir_perms;
- read_lnk_files_pattern($1,lib_t,{ lib_t ld_so_t })
- mmap_files_pattern($1,lib_t,ld_so_t)
+ read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
+ mmap_files_pattern($1, lib_t, ld_so_t)
allow $1 ld_so_cache_t:file read_file_perms;
')
@@ -106,8 +106,8 @@ interface(`libs_exec_ld_so',`
')
allow $1 lib_t:dir list_dir_perms;
- read_lnk_files_pattern($1,lib_t,{ lib_t ld_so_t })
- exec_files_pattern($1,lib_t,ld_so_t)
+ read_lnk_files_pattern($1, lib_t, { lib_t ld_so_t })
+ exec_files_pattern($1, lib_t, ld_so_t)
')
########################################
@@ -127,7 +127,7 @@ interface(`libs_manage_ld_so',`
type lib_t, ld_so_t;
')
- manage_files_pattern($1,lib_t,ld_so_t)
+ manage_files_pattern($1, lib_t, ld_so_t)
')
########################################
@@ -147,7 +147,7 @@ interface(`libs_relabel_ld_so',`
type lib_t, ld_so_t;
')
- relabel_files_pattern($1,lib_t,ld_so_t)
+ relabel_files_pattern($1, lib_t, ld_so_t)
')
########################################
@@ -248,9 +248,9 @@ interface(`libs_read_lib_files',`
')
files_search_usr($1)
- list_dirs_pattern($1,lib_t,lib_t)
- read_files_pattern($1,lib_t,lib_t)
- read_lnk_files_pattern($1,lib_t,lib_t)
+ list_dirs_pattern($1, lib_t, lib_t)
+ read_files_pattern($1, lib_t, lib_t)
+ read_lnk_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -270,8 +270,8 @@ interface(`libs_exec_lib_files',`
files_search_usr($1)
allow $1 lib_t:dir list_dir_perms;
- read_lnk_files_pattern($1,lib_t,lib_t)
- exec_files_pattern($1,lib_t,lib_t)
+ read_lnk_files_pattern($1, lib_t, lib_t)
+ exec_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -307,7 +307,7 @@ interface(`libs_manage_lib_files',`
type lib_t;
')
- manage_files_pattern($1,lib_t,lib_t)
+ manage_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -325,7 +325,7 @@ interface(`libs_relabelto_lib_files',`
type lib_t;
')
- relabelto_files_pattern($1,lib_t,lib_t)
+ relabelto_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -345,7 +345,7 @@ interface(`libs_relabel_lib_files',`
type lib_t;
')
- relabel_files_pattern($1,lib_t,lib_t)
+ relabel_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -364,7 +364,7 @@ interface(`libs_delete_lib_symlinks',`
type lib_t;
')
- delete_lnk_files_pattern($1,lib_t,lib_t)
+ delete_lnk_files_pattern($1, lib_t, lib_t)
')
########################################
@@ -383,7 +383,7 @@ interface(`libs_manage_shared_libs',`
type lib_t, textrel_shlib_t;
')
- manage_files_pattern($1,lib_t,{ lib_t textrel_shlib_t })
+ manage_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
')
########################################
@@ -403,8 +403,8 @@ interface(`libs_use_shared_libs',`
files_list_usr($1)
allow $1 lib_t:dir list_dir_perms;
- read_lnk_files_pattern($1,lib_t,{ lib_t textrel_shlib_t })
- mmap_files_pattern($1,lib_t,{ lib_t textrel_shlib_t })
+ read_lnk_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
+ mmap_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
allow $1 textrel_shlib_t:file execmod;
')
@@ -445,7 +445,7 @@ interface(`libs_relabel_shared_libs',`
type lib_t, textrel_shlib_t;
')
- relabel_files_pattern($1,lib_t,{ lib_t textrel_shlib_t })
+ relabel_files_pattern($1, lib_t, { lib_t textrel_shlib_t })
')
########################################
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 7416e51..185a7d1 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -20,7 +20,7 @@ files_type(ld_so_t)
type ldconfig_t;
type ldconfig_exec_t;
-init_system_domain(ldconfig_t,ldconfig_exec_t)
+init_system_domain(ldconfig_t, ldconfig_exec_t)
role system_r types ldconfig_t;
type ldconfig_cache_t;
@@ -57,14 +57,14 @@ allow ldconfig_t self:capability sys_chroot;
manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
allow ldconfig_t ld_so_cache_t:file manage_file_perms;
-files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
+files_etc_filetrans(ldconfig_t, ld_so_cache_t, file)
-manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
-manage_files_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
-manage_lnk_files_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
+manage_dirs_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
+manage_files_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
+manage_lnk_files_pattern(ldconfig_t, ldconfig_tmp_t, ldconfig_tmp_t)
files_tmp_filetrans(ldconfig_t, ldconfig_tmp_t, { file dir lnk_file })
-manage_lnk_files_pattern(ldconfig_t,lib_t,lib_t)
+manage_lnk_files_pattern(ldconfig_t, lib_t, lib_t)
kernel_read_system_state(ldconfig_t)
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index 447fe0b..37292fd 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -15,10 +15,10 @@ interface(`locallogin_domtrans',`
type local_login_t;
')
- auth_domtrans_login_program($1,local_login_t)
+ auth_domtrans_login_program($1, local_login_t)
ifdef(`enable_mcs',`
- auth_ranged_domtrans_login_program($1,local_login_t,s0 - mcs_systemhigh)
+ auth_ranged_domtrans_login_program($1, local_login_t, s0 - mcs_systemhigh)
')
')
@@ -127,5 +127,5 @@ interface(`locallogin_domtrans_sulogin',`
type sulogin_exec_t, sulogin_t;
')
- domtrans_pattern($1,sulogin_exec_t,sulogin_t)
+ domtrans_pattern($1, sulogin_exec_t, sulogin_t)
')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 6a9b414..1088951 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -24,8 +24,8 @@ domain_obj_id_change_exemption(sulogin_t)
domain_subj_id_change_exemption(sulogin_t)
domain_role_change_exemption(sulogin_t)
domain_interactive_fd(sulogin_t)
-init_domain(sulogin_t,sulogin_exec_t)
-init_system_domain(sulogin_t,sulogin_exec_t)
+init_domain(sulogin_t, sulogin_exec_t)
+init_system_domain(sulogin_t, sulogin_exec_t)
role system_r types sulogin_t;
########################################
@@ -50,7 +50,7 @@ allow local_login_t self:msg { send receive };
allow local_login_t self:key { search write link };
allow local_login_t local_login_lock_t:file manage_file_perms;
-files_lock_filetrans(local_login_t,local_login_lock_t,file)
+files_lock_filetrans(local_login_t, local_login_lock_t, file)
allow local_login_t local_login_tmp_t:dir manage_dir_perms;
allow local_login_t local_login_tmp_t:file manage_file_perms;
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 59fa98b..e93c344 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -99,7 +99,7 @@ interface(`logging_read_audit_log',`
')
files_search_var($1)
- read_files_pattern($1,auditd_log_t,auditd_log_t)
+ read_files_pattern($1, auditd_log_t, auditd_log_t)
allow $1 auditd_log_t:dir list_dir_perms;
')
@@ -118,7 +118,7 @@ interface(`logging_domtrans_auditctl',`
type auditctl_t, auditctl_exec_t;
')
- domtrans_pattern($1,auditctl_exec_t,auditctl_t)
+ domtrans_pattern($1, auditctl_exec_t, auditctl_t)
')
########################################
@@ -162,7 +162,7 @@ interface(`logging_domtrans_auditd',`
type auditd_t, auditd_exec_t;
')
- domtrans_pattern($1,auditd_exec_t,auditd_t)
+ domtrans_pattern($1, auditd_exec_t, auditd_t)
')
########################################
@@ -311,7 +311,7 @@ interface(`logging_manage_audit_config',`
')
files_search_etc($1)
- manage_files_pattern($1,auditd_etc_t,auditd_etc_t)
+ manage_files_pattern($1, auditd_etc_t, auditd_etc_t)
')
########################################
@@ -331,8 +331,8 @@ interface(`logging_manage_audit_log',`
')
files_search_var($1)
- manage_dirs_pattern($1,auditd_log_t,auditd_log_t)
- manage_files_pattern($1,auditd_log_t,auditd_log_t)
+ manage_dirs_pattern($1, auditd_log_t, auditd_log_t)
+ manage_files_pattern($1, auditd_log_t, auditd_log_t)
')
########################################
@@ -351,7 +351,7 @@ interface(`logging_domtrans_klog',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,klogd_exec_t,klogd_t)
+ domtrans_pattern($1, klogd_exec_t, klogd_t)
')
########################################
@@ -390,7 +390,7 @@ interface(`logging_domtrans_syslog',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,syslogd_exec_t,syslogd_t)
+ domtrans_pattern($1, syslogd_exec_t, syslogd_t)
')
########################################
@@ -420,7 +420,7 @@ interface(`logging_log_filetrans',`
')
files_search_var($1)
- filetrans_pattern($1,var_log_t,$2,$3)
+ filetrans_pattern($1, var_log_t, $2, $3)
')
########################################
@@ -468,7 +468,7 @@ interface(`logging_read_audit_config',`
')
files_search_etc($1)
- read_files_pattern($1,auditd_etc_t,auditd_etc_t)
+ read_files_pattern($1, auditd_etc_t, auditd_etc_t)
allow $1 auditd_etc_t:dir list_dir_perms;
')
@@ -666,7 +666,7 @@ interface(`logging_exec_all_logs',`
files_search_var($1)
allow $1 logfile:dir list_dir_perms;
- can_exec($1,logfile)
+ can_exec($1, logfile)
')
########################################
@@ -705,8 +705,8 @@ interface(`logging_manage_all_logs',`
')
files_search_var($1)
- manage_files_pattern($1,logfile,logfile)
- read_lnk_files_pattern($1,logfile,logfile)
+ manage_files_pattern($1, logfile, logfile)
+ read_lnk_files_pattern($1, logfile, logfile)
')
########################################
@@ -727,7 +727,7 @@ interface(`logging_read_generic_logs',`
files_search_var($1)
allow $1 var_log_t:dir list_dir_perms;
- read_files_pattern($1,var_log_t,var_log_t)
+ read_files_pattern($1, var_log_t, var_log_t)
')
########################################
@@ -747,7 +747,7 @@ interface(`logging_write_generic_logs',`
files_search_var($1)
allow $1 var_log_t:dir list_dir_perms;
- write_files_pattern($1,var_log_t,var_log_t)
+ write_files_pattern($1, var_log_t, var_log_t)
')
########################################
@@ -785,7 +785,7 @@ interface(`logging_rw_generic_logs',`
files_search_var($1)
allow $1 var_log_t:dir list_dir_perms;
- rw_files_pattern($1,var_log_t,var_log_t)
+ rw_files_pattern($1, var_log_t, var_log_t)
')
########################################
@@ -806,7 +806,7 @@ interface(`logging_manage_generic_logs',`
')
files_search_var($1)
- manage_files_pattern($1,var_log_t,var_log_t)
+ manage_files_pattern($1, var_log_t, var_log_t)
')
########################################
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 20132d7..d2fe3b7 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -10,7 +10,7 @@ attribute logfile;
type auditctl_t;
type auditctl_exec_t;
-init_system_domain(auditctl_t,auditctl_exec_t)
+init_system_domain(auditctl_t, auditctl_exec_t)
role system_r types auditctl_t;
type auditd_etc_t;
@@ -22,7 +22,7 @@ files_security_mountpoint(auditd_log_t)
type auditd_t;
type auditd_exec_t;
-init_daemon_domain(auditd_t,auditd_exec_t)
+init_daemon_domain(auditd_t, auditd_exec_t)
type auditd_initrc_exec_t;
init_script_file(auditd_initrc_exec_t)
@@ -47,7 +47,7 @@ mls_trusted_object(devlog_t)
type klogd_t;
type klogd_exec_t;
-init_daemon_domain(klogd_t,klogd_exec_t)
+init_daemon_domain(klogd_t, klogd_exec_t)
type klogd_tmp_t;
files_tmp_file(klogd_tmp_t)
@@ -60,7 +60,7 @@ files_type(syslog_conf_t)
type syslogd_t;
type syslogd_exec_t;
-init_daemon_domain(syslogd_t,syslogd_exec_t)
+init_daemon_domain(syslogd_t, syslogd_exec_t)
type syslogd_initrc_exec_t;
init_script_file(syslogd_initrc_exec_t)
@@ -91,7 +91,7 @@ ifdef(`enable_mls',`
allow auditctl_t self:capability { fsetid dac_read_search dac_override };
allow auditctl_t self:netlink_audit_socket nlmsg_readpriv;
-read_files_pattern(auditctl_t,auditd_etc_t,auditd_etc_t)
+read_files_pattern(auditctl_t, auditd_etc_t, auditd_etc_t)
allow auditctl_t auditd_etc_t:dir list_dir_perms;
# Needed for adding watches
@@ -132,13 +132,13 @@ allow auditd_t self:tcp_socket create_stream_socket_perms;
allow auditd_t auditd_etc_t:dir list_dir_perms;
allow auditd_t auditd_etc_t:file read_file_perms;
-manage_files_pattern(auditd_t,auditd_log_t,auditd_log_t)
-manage_lnk_files_pattern(auditd_t,auditd_log_t,auditd_log_t)
+manage_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
+manage_lnk_files_pattern(auditd_t, auditd_log_t, auditd_log_t)
allow auditd_t var_log_t:dir search_dir_perms;
-manage_files_pattern(auditd_t,auditd_var_run_t,auditd_var_run_t)
-manage_sock_files_pattern(auditd_t,auditd_var_run_t,auditd_var_run_t)
-files_pid_filetrans(auditd_t,auditd_var_run_t,{ file sock_file })
+manage_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
+manage_sock_files_pattern(auditd_t, auditd_var_run_t, auditd_var_run_t)
+files_pid_filetrans(auditd_t, auditd_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
@@ -271,12 +271,12 @@ allow klogd_t self:capability sys_admin;
dontaudit klogd_t self:capability { sys_resource sys_tty_config };
allow klogd_t self:process signal_perms;
-manage_dirs_pattern(klogd_t,klogd_tmp_t,klogd_tmp_t)
-manage_files_pattern(klogd_t,klogd_tmp_t,klogd_tmp_t)
-files_tmp_filetrans(klogd_t,klogd_tmp_t,{ file dir })
+manage_dirs_pattern(klogd_t, klogd_tmp_t, klogd_tmp_t)
+manage_files_pattern(klogd_t, klogd_tmp_t, klogd_tmp_t)
+files_tmp_filetrans(klogd_t, klogd_tmp_t,{ file dir })
-manage_files_pattern(klogd_t,klogd_var_run_t,klogd_var_run_t)
-files_pid_filetrans(klogd_t,klogd_var_run_t,file)
+manage_files_pattern(klogd_t, klogd_var_run_t, klogd_var_run_t)
+files_pid_filetrans(klogd_t, klogd_var_run_t, file)
kernel_read_system_state(klogd_t)
kernel_read_messages(klogd_t)
@@ -345,29 +345,29 @@ allow syslogd_t syslog_conf_t:file read_file_perms;
# Create and bind to /dev/log or /var/run/log.
allow syslogd_t devlog_t:sock_file manage_sock_file_perms;
-files_pid_filetrans(syslogd_t,devlog_t,sock_file)
+files_pid_filetrans(syslogd_t, devlog_t, sock_file)
# create/append log files.
-manage_files_pattern(syslogd_t,var_log_t,var_log_t)
-rw_fifo_files_pattern(syslogd_t,var_log_t,var_log_t)
+manage_files_pattern(syslogd_t, var_log_t, var_log_t)
+rw_fifo_files_pattern(syslogd_t, var_log_t, var_log_t)
# Allow access for syslog-ng
allow syslogd_t var_log_t:dir { create setattr };
# manage temporary files
-manage_dirs_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
-manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
-files_tmp_filetrans(syslogd_t,syslogd_tmp_t,{ dir file })
+manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
+manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t)
+files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file })
manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t)
files_search_var_lib(syslogd_t)
allow syslogd_t syslogd_var_run_t:file manage_file_perms;
-files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
+files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
# manage pid file
-manage_files_pattern(syslogd_t,syslogd_var_run_t,syslogd_var_run_t)
-files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
+manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t)
+files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
kernel_read_system_state(syslogd_t)
kernel_read_kernel_sysctls(syslogd_t)
@@ -403,7 +403,7 @@ corenet_sendrecv_syslogd_server_packets(syslogd_t)
corenet_sendrecv_postgresql_client_packets(syslogd_t)
corenet_sendrecv_mysqld_client_packets(syslogd_t)
-dev_filetrans(syslogd_t,devlog_t,sock_file)
+dev_filetrans(syslogd_t, devlog_t, sock_file)
dev_read_sysfs(syslogd_t)
domain_use_interactive_fds(syslogd_t)
@@ -451,7 +451,7 @@ ifdef(`distro_gentoo',`
ifdef(`distro_suse',`
# suse creates a /dev/log under /var/lib/stunnel for chrooted stunnel
- files_var_lib_filetrans(syslogd_t,devlog_t,sock_file)
+ files_var_lib_filetrans(syslogd_t, devlog_t, sock_file)
')
ifdef(`distro_ubuntu',`
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 224131e..5e6ef6d 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -46,7 +46,7 @@ files_tmp_file(lvm_tmp_t)
allow clvmd_t self:capability { sys_nice chown ipc_lock sys_admin mknod };
dontaudit clvmd_t self:capability sys_tty_config;
-allow clvmd_t self:process { signal_perms setsched };
+allow clvmd_t self:process { signal_perms setsched };
dontaudit clvmd_t self:process ptrace;
allow clvmd_t self:socket create_socket_perms;
allow clvmd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 5ef7e51..428ce71 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -17,8 +17,8 @@ interface(`miscfiles_read_certs',`
')
allow $1 cert_t:dir list_dir_perms;
- read_files_pattern($1,cert_t,cert_t)
- read_lnk_files_pattern($1,cert_t,cert_t)
+ read_files_pattern($1, cert_t, cert_t)
+ read_lnk_files_pattern($1, cert_t, cert_t)
')
########################################
@@ -81,8 +81,8 @@ interface(`miscfiles_read_fonts',`
libs_search_lib($1)
allow $1 fonts_t:dir list_dir_perms;
- read_files_pattern($1,fonts_t,fonts_t)
- read_lnk_files_pattern($1,fonts_t,fonts_t)
+ read_files_pattern($1, fonts_t, fonts_t)
+ read_lnk_files_pattern($1, fonts_t, fonts_t)
')
########################################
@@ -125,9 +125,9 @@ interface(`miscfiles_manage_fonts',`
files_search_usr($1)
libs_search_lib($1)
- manage_dirs_pattern($1,fonts_t,fonts_t)
- manage_files_pattern($1,fonts_t,fonts_t)
- manage_lnk_files_pattern($1,fonts_t,fonts_t)
+ manage_dirs_pattern($1, fonts_t, fonts_t)
+ manage_files_pattern($1, fonts_t, fonts_t)
+ manage_lnk_files_pattern($1, fonts_t, fonts_t)
')
########################################
@@ -146,8 +146,8 @@ interface(`miscfiles_read_hwdata',`
')
allow $1 hwdata_t:dir list_dir_perms;
- read_files_pattern($1,hwdata_t,hwdata_t)
- read_lnk_files_pattern($1,hwdata_t,hwdata_t)
+ read_files_pattern($1, hwdata_t, hwdata_t)
+ read_lnk_files_pattern($1, hwdata_t, hwdata_t)
')
########################################
@@ -188,8 +188,8 @@ interface(`miscfiles_read_localization',`
files_read_etc_symlinks($1)
files_search_usr($1)
allow $1 locale_t:dir list_dir_perms;
- read_files_pattern($1,locale_t,locale_t)
- read_lnk_files_pattern($1,locale_t,locale_t)
+ read_files_pattern($1, locale_t, locale_t)
+ read_lnk_files_pattern($1, locale_t, locale_t)
# why?
libs_read_lib_files($1)
@@ -212,7 +212,7 @@ interface(`miscfiles_rw_localization',`
files_search_usr($1)
allow $1 locale_t:dir list_dir_perms;
- rw_files_pattern($1,locale_t,locale_t)
+ rw_files_pattern($1, locale_t, locale_t)
')
########################################
@@ -231,7 +231,7 @@ interface(`miscfiles_relabel_localization',`
')
files_search_usr($1)
- relabel_files_pattern($1,locale_t,locale_t)
+ relabel_files_pattern($1, locale_t, locale_t)
')
########################################
@@ -289,8 +289,8 @@ interface(`miscfiles_read_man_pages',`
files_search_usr($1)
allow $1 man_t:dir list_dir_perms;
- read_files_pattern($1,man_t,man_t)
- read_lnk_files_pattern($1,man_t,man_t)
+ read_files_pattern($1, man_t, man_t)
+ read_lnk_files_pattern($1, man_t, man_t)
')
########################################
@@ -314,9 +314,9 @@ interface(`miscfiles_delete_man_pages',`
allow $1 man_t:dir setattr;
# RH bug #309351
allow $1 man_t:dir list_dir_perms;
- delete_dirs_pattern($1,man_t,man_t)
- delete_files_pattern($1,man_t,man_t)
- delete_lnk_files_pattern($1,man_t,man_t)
+ delete_dirs_pattern($1, man_t, man_t)
+ delete_files_pattern($1, man_t, man_t)
+ delete_lnk_files_pattern($1, man_t, man_t)
')
########################################
@@ -335,9 +335,9 @@ interface(`miscfiles_manage_man_pages',`
')
files_search_usr($1)
- manage_dirs_pattern($1,man_t,man_t)
- manage_files_pattern($1,man_t,man_t)
- read_lnk_files_pattern($1,man_t,man_t)
+ manage_dirs_pattern($1, man_t, man_t)
+ manage_files_pattern($1, man_t, man_t)
+ read_lnk_files_pattern($1, man_t, man_t)
')
########################################
@@ -379,9 +379,9 @@ interface(`miscfiles_manage_public_files',`
type public_content_rw_t;
')
- manage_dirs_pattern($1,public_content_rw_t,public_content_rw_t)
- manage_files_pattern($1,public_content_rw_t,public_content_rw_t)
- manage_lnk_files_pattern($1,public_content_rw_t,public_content_rw_t)
+ manage_dirs_pattern($1, public_content_rw_t, public_content_rw_t)
+ manage_files_pattern($1, public_content_rw_t, public_content_rw_t)
+ manage_lnk_files_pattern($1, public_content_rw_t, public_content_rw_t)
')
########################################
@@ -404,8 +404,8 @@ interface(`miscfiles_read_tetex_data',`
# cjp: TeX data can be in either of the above dirs
allow $1 tetex_data_t:dir list_dir_perms;
- read_files_pattern($1,tetex_data_t,tetex_data_t)
- read_lnk_files_pattern($1,tetex_data_t,tetex_data_t)
+ read_files_pattern($1, tetex_data_t, tetex_data_t)
+ read_lnk_files_pattern($1, tetex_data_t, tetex_data_t)
')
########################################
@@ -429,7 +429,7 @@ interface(`miscfiles_exec_tetex_data',`
# cjp: TeX data can be in either of the above dirs
allow $1 tetex_data_t:dir list_dir_perms;
- exec_files_pattern($1,tetex_data_t,tetex_data_t)
+ exec_files_pattern($1, tetex_data_t, tetex_data_t)
')
########################################
@@ -466,8 +466,8 @@ interface(`miscfiles_read_test_files',`
type test_file_t;
')
- read_files_pattern($1,test_file_t,test_file_t)
- read_lnk_files_pattern($1,test_file_t,test_file_t)
+ read_files_pattern($1, test_file_t, test_file_t)
+ read_lnk_files_pattern($1, test_file_t, test_file_t)
')
########################################
@@ -485,8 +485,8 @@ interface(`miscfiles_exec_test_files',`
type test_file_t;
')
- exec_files_pattern($1,test_file_t,test_file_t)
- read_lnk_files_pattern($1,test_file_t,test_file_t)
+ exec_files_pattern($1, test_file_t, test_file_t)
+ read_lnk_files_pattern($1, test_file_t, test_file_t)
')
########################################
@@ -524,8 +524,8 @@ interface(`miscfiles_manage_localization',`
type locale_t;
')
- manage_dirs_pattern($1,locale_t,locale_t)
- manage_files_pattern($1,locale_t,locale_t)
- manage_lnk_files_pattern($1,locale_t,locale_t)
+ manage_dirs_pattern($1, locale_t, locale_t)
+ manage_files_pattern($1, locale_t, locale_t)
+ manage_lnk_files_pattern($1, locale_t, locale_t)
')
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 7250809..7a60d3c 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -20,18 +20,18 @@ files_type(modules_dep_t)
type insmod_t;
type insmod_exec_t;
-application_domain(insmod_t,insmod_exec_t)
+application_domain(insmod_t, insmod_exec_t)
mls_file_write_all_levels(insmod_t)
role system_r types insmod_t;
type depmod_t;
type depmod_exec_t;
-init_system_domain(depmod_t,depmod_exec_t)
+init_system_domain(depmod_t, depmod_exec_t)
role system_r types depmod_t;
type update_modules_t;
type update_modules_exec_t;
-init_system_domain(update_modules_t,update_modules_exec_t)
+init_system_domain(update_modules_t, update_modules_exec_t)
role system_r types update_modules_t;
type update_modules_tmp_t;
@@ -118,7 +118,7 @@ ifdef(`distro_ubuntu',`
')
if( ! secure_mode_insmod ) {
- kernel_domtrans_to(insmod_t,insmod_exec_t)
+ kernel_domtrans_to(insmod_t, insmod_exec_t)
}
optional_policy(`
@@ -178,7 +178,7 @@ can_exec(depmod_t, depmod_exec_t)
allow depmod_t modules_conf_t:file read_file_perms;
allow depmod_t modules_dep_t:file manage_file_perms;
-files_kernel_modules_filetrans(depmod_t,modules_dep_t,file)
+files_kernel_modules_filetrans(depmod_t, modules_dep_t, file)
kernel_read_system_state(depmod_t)
@@ -231,8 +231,8 @@ can_exec(update_modules_t, update_modules_exec_t)
# manage module loading configuration
allow update_modules_t modules_conf_t:file manage_file_perms;
-files_kernel_modules_filetrans(update_modules_t,modules_conf_t,file)
-files_etc_filetrans(update_modules_t,modules_conf_t,file)
+files_kernel_modules_filetrans(update_modules_t, modules_conf_t, file)
+files_etc_filetrans(update_modules_t, modules_conf_t, file)
# transition to depmod
domain_auto_trans(update_modules_t, depmod_exec_t, depmod_t)
@@ -241,8 +241,8 @@ allow depmod_t update_modules_t:fd use;
allow depmod_t update_modules_t:fifo_file rw_file_perms;
allow depmod_t update_modules_t:process sigchld;
-manage_dirs_pattern(update_modules_t,update_modules_tmp_t,update_modules_tmp_t)
-manage_files_pattern(update_modules_t,update_modules_tmp_t,update_modules_tmp_t)
+manage_dirs_pattern(update_modules_t, update_modules_tmp_t, update_modules_tmp_t)
+manage_files_pattern(update_modules_t, update_modules_tmp_t, update_modules_tmp_t)
files_tmp_filetrans(update_modules_t, update_modules_tmp_t, { file dir })
kernel_read_kernel_sysctls(update_modules_t)
diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
index 805bef0..bb547ea 100644
--- a/policy/modules/system/mount.if
+++ b/policy/modules/system/mount.if
@@ -15,7 +15,7 @@ interface(`mount_domtrans',`
type mount_t, mount_exec_t;
')
- domtrans_pattern($1,mount_exec_t,mount_t)
+ domtrans_pattern($1, mount_exec_t, mount_t)
')
########################################
@@ -68,7 +68,7 @@ interface(`mount_exec',`
allow $1 mount_exec_t:dir list_dir_perms;
allow $1 mount_exec_t:lnk_file read_lnk_file_perms;
- can_exec($1,mount_exec_t)
+ can_exec($1, mount_exec_t)
')
########################################
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 5cf7a76..8d7d9fc 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -11,11 +11,11 @@ policy_module(mount, 1.10.0)
## Allow the mount command to mount any directory or file.
##
##
-gen_tunable(allow_mount_anyfile,false)
+gen_tunable(allow_mount_anyfile, false)
type mount_t;
type mount_exec_t;
-init_system_domain(mount_t,mount_exec_t)
+init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
type mount_loopback_t; # customizable
@@ -28,7 +28,7 @@ files_tmp_file(mount_tmp_t)
# this is optionally declared in monolithic
# policy--duplicate type declaration
type unconfined_mount_t;
-application_domain(unconfined_mount_t,mount_exec_t)
+application_domain(unconfined_mount_t, mount_exec_t)
########################################
#
@@ -45,7 +45,7 @@ allow mount_t mount_tmp_t:dir manage_dir_perms;
can_exec(mount_t, mount_exec_t)
-files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
+files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
kernel_read_system_state(mount_t)
kernel_read_kernel_sysctls(mount_t)
@@ -83,7 +83,7 @@ domain_use_interactive_fds(mount_t)
files_search_all(mount_t)
files_read_etc_files(mount_t)
files_manage_etc_runtime_files(mount_t)
-files_etc_filetrans_etc_runtime(mount_t,file)
+files_etc_filetrans_etc_runtime(mount_t, file)
files_mounton_all_mountpoints(mount_t)
files_unmount_rootfs(mount_t)
# These rules need to be generalized. Only admin, initrc should have it:
@@ -193,6 +193,6 @@ optional_policy(`
#
optional_policy(`
- files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
+ files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
unconfined_domain(unconfined_mount_t)
')
diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if
index 55b158b..b37cd5b 100644
--- a/policy/modules/system/netlabel.if
+++ b/policy/modules/system/netlabel.if
@@ -16,7 +16,7 @@ interface(`netlabel_domtrans_mgmt',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)
+ domtrans_pattern($1, netlabel_mgmt_exec_t, netlabel_mgmt_t)
')
########################################
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te
index 44470b3..e98925f 100644
--- a/policy/modules/system/netlabel.te
+++ b/policy/modules/system/netlabel.te
@@ -8,7 +8,7 @@ policy_module(netlabel, 1.3.0)
type netlabel_mgmt_t;
type netlabel_mgmt_exec_t;
-application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
+application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t)
role system_r types netlabel_mgmt_t;
########################################
diff --git a/policy/modules/system/pcmcia.if b/policy/modules/system/pcmcia.if
index 5f63c3a..ac2b18b 100644
--- a/policy/modules/system/pcmcia.if
+++ b/policy/modules/system/pcmcia.if
@@ -31,7 +31,7 @@ interface(`pcmcia_domtrans_cardmgr',`
type cardmgr_t, cardmgr_exec_t;
')
- domtrans_pattern($1,cardmgr_exec_t,cardmgr_t)
+ domtrans_pattern($1, cardmgr_exec_t, cardmgr_t)
')
########################################
@@ -67,7 +67,7 @@ interface(`pcmcia_domtrans_cardctl',`
type cardmgr_t, cardctl_exec_t;
')
- domtrans_pattern($1,cardctl_exec_t,cardmgr_t)
+ domtrans_pattern($1, cardctl_exec_t, cardmgr_t)
')
########################################
@@ -112,7 +112,7 @@ interface(`pcmcia_read_pid',`
')
files_search_pids($1)
- read_files_pattern($1,cardmgr_var_run_t,cardmgr_var_run_t)
+ read_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
')
########################################
@@ -132,7 +132,7 @@ interface(`pcmcia_manage_pid',`
')
files_search_pids($1)
- manage_files_pattern($1,cardmgr_var_run_t,cardmgr_var_run_t)
+ manage_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
')
########################################
@@ -152,5 +152,5 @@ interface(`pcmcia_manage_pid_chr_files',`
')
files_search_pids($1)
- manage_chr_files_pattern($1,cardmgr_var_run_t,cardmgr_var_run_t)
+ manage_chr_files_pattern($1, cardmgr_var_run_t, cardmgr_var_run_t)
')
diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te
index 5afa094..4f2324d 100644
--- a/policy/modules/system/pcmcia.te
+++ b/policy/modules/system/pcmcia.te
@@ -8,7 +8,7 @@ policy_module(pcmcia, 1.6.0)
type cardmgr_t;
type cardmgr_exec_t;
-init_daemon_domain(cardmgr_t,cardmgr_exec_t)
+init_daemon_domain(cardmgr_t, cardmgr_exec_t)
# Create symbolic links in /dev.
# cjp: this should probably be eliminated
@@ -22,7 +22,7 @@ type cardmgr_var_run_t;
files_pid_file(cardmgr_var_run_t)
type cardctl_exec_t;
-application_domain(cardmgr_t,cardctl_exec_t)
+application_domain(cardmgr_t, cardctl_exec_t)
########################################
#
@@ -38,14 +38,14 @@ allow cardmgr_t self:unix_dgram_socket create_socket_perms;
allow cardmgr_t self:unix_stream_socket create_socket_perms;
allow cardmgr_t cardmgr_lnk_t:lnk_file manage_lnk_file_perms;
-dev_filetrans(cardmgr_t,cardmgr_lnk_t,lnk_file)
+dev_filetrans(cardmgr_t, cardmgr_lnk_t, lnk_file)
# Create stab file
-manage_files_pattern(cardmgr_t,cardmgr_var_lib_t,cardmgr_var_lib_t)
-files_var_lib_filetrans(cardmgr_t,cardmgr_var_lib_t,file)
+manage_files_pattern(cardmgr_t, cardmgr_var_lib_t, cardmgr_var_lib_t)
+files_var_lib_filetrans(cardmgr_t, cardmgr_var_lib_t, file)
allow cardmgr_t cardmgr_var_run_t:file manage_file_perms;
-files_pid_filetrans(cardmgr_t,cardmgr_var_run_t,file)
+files_pid_filetrans(cardmgr_t, cardmgr_var_run_t, file)
kernel_read_system_state(cardmgr_t)
kernel_read_kernel_sysctls(cardmgr_t)
diff --git a/policy/modules/system/raid.if b/policy/modules/system/raid.if
index 849f921..b3c7bfb 100644
--- a/policy/modules/system/raid.if
+++ b/policy/modules/system/raid.if
@@ -16,7 +16,7 @@ interface(`raid_domtrans_mdadm',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,mdadm_exec_t,mdadm_t)
+ domtrans_pattern($1, mdadm_exec_t, mdadm_t)
')
########################################
diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te
index ea5b7be..91f1259 100644
--- a/policy/modules/system/raid.te
+++ b/policy/modules/system/raid.te
@@ -8,7 +8,7 @@ policy_module(raid, 1.8.1)
type mdadm_t;
type mdadm_exec_t;
-init_daemon_domain(mdadm_t,mdadm_exec_t)
+init_daemon_domain(mdadm_t, mdadm_exec_t)
role system_r types mdadm_t;
type mdadm_var_run_t;
@@ -24,8 +24,8 @@ dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
allow mdadm_t self:fifo_file rw_fifo_file_perms;
-manage_files_pattern(mdadm_t,mdadm_var_run_t,mdadm_var_run_t)
-files_pid_filetrans(mdadm_t,mdadm_var_run_t,file)
+manage_files_pattern(mdadm_t, mdadm_var_run_t, mdadm_var_run_t)
+files_pid_filetrans(mdadm_t, mdadm_var_run_t, file)
kernel_read_system_state(mdadm_t)
kernel_read_kernel_sysctls(mdadm_t)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index f8b5d9c..d01cffc 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -17,7 +17,7 @@ interface(`seutil_domtrans_checkpolicy',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,checkpolicy_exec_t,checkpolicy_t)
+ domtrans_pattern($1, checkpolicy_exec_t, checkpolicy_t)
')
########################################
@@ -65,7 +65,7 @@ interface(`seutil_exec_checkpolicy',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,checkpolicy_exec_t)
+ can_exec($1, checkpolicy_exec_t)
')
#######################################
@@ -84,7 +84,7 @@ interface(`seutil_domtrans_loadpolicy',`
')
corecmd_search_bin($1)
- domtrans_pattern($1,load_policy_exec_t,load_policy_t)
+ domtrans_pattern($1, load_policy_exec_t, load_policy_t)
')
########################################
@@ -130,7 +130,7 @@ interface(`seutil_exec_loadpolicy',`
')
corecmd_search_bin($1)
- can_exec($1,load_policy_exec_t)
+ can_exec($1, load_policy_exec_t)
')
########################################
@@ -169,7 +169,7 @@ interface(`seutil_domtrans_newrole',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,newrole_exec_t,newrole_t)
+ domtrans_pattern($1, newrole_exec_t, newrole_t)
')
########################################
@@ -218,7 +218,7 @@ interface(`seutil_exec_newrole',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,newrole_exec_t)
+ can_exec($1, newrole_exec_t)
')
########################################
@@ -366,7 +366,7 @@ interface(`seutil_domtrans_runinit',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,run_init_exec_t,run_init_t)
+ domtrans_pattern($1, run_init_exec_t, run_init_t)
')
########################################
@@ -390,7 +390,7 @@ interface(`seutil_init_script_domtrans_runinit',`
type run_init_t;
')
- init_script_file_domtrans($1,run_init_t)
+ init_script_file_domtrans($1, run_init_t)
allow run_init_t $1:fd use;
allow run_init_t $1:fifo_file rw_file_perms;
@@ -503,7 +503,7 @@ interface(`seutil_domtrans_setfiles',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,setfiles_exec_t,setfiles_t)
+ domtrans_pattern($1, setfiles_exec_t, setfiles_t)
')
########################################
@@ -550,7 +550,7 @@ interface(`seutil_exec_setfiles',`
files_search_usr($1)
corecmd_search_bin($1)
- can_exec($1,setfiles_exec_t)
+ can_exec($1, setfiles_exec_t)
')
########################################
@@ -610,8 +610,8 @@ interface(`seutil_read_config',`
files_search_etc($1)
allow $1 selinux_config_t:dir list_dir_perms;
- read_files_pattern($1,selinux_config_t,selinux_config_t)
- read_lnk_files_pattern($1,selinux_config_t,selinux_config_t)
+ read_files_pattern($1, selinux_config_t, selinux_config_t)
+ read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
')
########################################
@@ -632,7 +632,7 @@ interface(`seutil_rw_config',`
files_search_etc($1)
allow $1 selinux_config_t:dir list_dir_perms;
- rw_files_pattern($1,selinux_config_t,selinux_config_t)
+ rw_files_pattern($1, selinux_config_t, selinux_config_t)
')
#######################################
@@ -680,8 +680,8 @@ interface(`seutil_manage_config',`
')
files_search_etc($1)
- manage_files_pattern($1,selinux_config_t,selinux_config_t)
- read_lnk_files_pattern($1,selinux_config_t,selinux_config_t)
+ manage_files_pattern($1, selinux_config_t, selinux_config_t)
+ read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
')
#######################################
@@ -721,7 +721,7 @@ interface(`seutil_search_default_contexts',`
')
files_search_etc($1)
- search_dirs_pattern($1,selinux_config_t,default_context_t)
+ search_dirs_pattern($1, selinux_config_t, default_context_t)
')
########################################
@@ -743,7 +743,7 @@ interface(`seutil_read_default_contexts',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
allow $1 default_context_t:dir list_dir_perms;
- read_files_pattern($1,default_context_t,default_context_t)
+ read_files_pattern($1, default_context_t, default_context_t)
')
########################################
@@ -763,7 +763,7 @@ interface(`seutil_manage_default_contexts',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
- manage_files_pattern($1,default_context_t,default_context_t)
+ manage_files_pattern($1, default_context_t, default_context_t)
')
########################################
@@ -784,7 +784,7 @@ interface(`seutil_read_file_contexts',`
files_search_etc($1)
allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
- read_files_pattern($1,file_context_t,file_context_t)
+ read_files_pattern($1, file_context_t, file_context_t)
')
########################################
@@ -824,7 +824,7 @@ interface(`seutil_rw_file_contexts',`
files_search_etc($1)
allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
- rw_files_pattern($1,file_context_t,file_context_t)
+ rw_files_pattern($1, file_context_t, file_context_t)
')
########################################
@@ -845,7 +845,7 @@ interface(`seutil_manage_file_contexts',`
files_search_etc($1)
allow $1 { selinux_config_t default_context_t }:dir search_dir_perms;
- manage_files_pattern($1,file_context_t,file_context_t)
+ manage_files_pattern($1, file_context_t, file_context_t)
')
########################################
@@ -865,7 +865,7 @@ interface(`seutil_read_bin_policy',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
- read_files_pattern($1,policy_config_t,policy_config_t)
+ read_files_pattern($1, policy_config_t, policy_config_t)
')
########################################
@@ -886,8 +886,8 @@ interface(`seutil_create_bin_policy',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
- create_files_pattern($1,policy_config_t,policy_config_t)
- write_files_pattern($1,policy_config_t,policy_config_t)
+ create_files_pattern($1, policy_config_t, policy_config_t)
+ write_files_pattern($1, policy_config_t, policy_config_t)
# typeattribute $1 can_write_binary_policy;
')
@@ -930,7 +930,7 @@ interface(`seutil_manage_bin_policy',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
- manage_files_pattern($1,policy_config_t,policy_config_t)
+ manage_files_pattern($1, policy_config_t, policy_config_t)
typeattribute $1 can_write_binary_policy;
')
@@ -950,8 +950,8 @@ interface(`seutil_read_src_policy',`
')
files_search_etc($1)
- list_dirs_pattern($1,selinux_config_t,policy_src_t)
- read_files_pattern($1,policy_src_t,policy_src_t)
+ list_dirs_pattern($1, selinux_config_t, policy_src_t)
+ read_files_pattern($1, policy_src_t, policy_src_t)
')
########################################
@@ -973,8 +973,8 @@ interface(`seutil_manage_src_policy',`
files_search_etc($1)
allow $1 selinux_config_t:dir search_dir_perms;
- manage_dirs_pattern($1,policy_src_t,policy_src_t)
- manage_files_pattern($1,policy_src_t,policy_src_t)
+ manage_dirs_pattern($1, policy_src_t, policy_src_t)
+ manage_files_pattern($1, policy_src_t, policy_src_t)
')
########################################
@@ -994,7 +994,7 @@ interface(`seutil_domtrans_semanage',`
files_search_usr($1)
corecmd_search_bin($1)
- domtrans_pattern($1,semanage_exec_t,semanage_t)
+ domtrans_pattern($1, semanage_exec_t, semanage_t)
')
########################################
@@ -1043,9 +1043,9 @@ interface(`seutil_manage_module_store',`
')
files_search_etc($1)
- manage_dirs_pattern($1,selinux_config_t,semanage_store_t)
- manage_files_pattern($1,semanage_store_t,semanage_store_t)
- filetrans_pattern($1,selinux_config_t,semanage_store_t,dir)
+ manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
+ manage_files_pattern($1, semanage_store_t, semanage_store_t)
+ filetrans_pattern($1, selinux_config_t, semanage_store_t, dir)
')
#######################################
@@ -1064,7 +1064,7 @@ interface(`seutil_get_semanage_read_lock',`
')
files_search_etc($1)
- rw_files_pattern($1,selinux_config_t,semanage_read_lock_t)
+ rw_files_pattern($1, selinux_config_t, semanage_read_lock_t)
')
#######################################
@@ -1083,7 +1083,7 @@ interface(`seutil_get_semanage_trans_lock',`
')
files_search_etc($1)
- rw_files_pattern($1,selinux_config_t,semanage_trans_lock_t)
+ rw_files_pattern($1, selinux_config_t, semanage_trans_lock_t)
')
########################################
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 7815d4b..f706ef0 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -44,12 +44,12 @@ files_type(file_context_t)
type load_policy_t;
type load_policy_exec_t;
-application_domain(load_policy_t,load_policy_exec_t)
+application_domain(load_policy_t, load_policy_exec_t)
role system_r types load_policy_t;
type newrole_t;
type newrole_exec_t;
-application_domain(newrole_t,newrole_exec_t)
+application_domain(newrole_t, newrole_exec_t)
domain_role_change_exemption(newrole_t)
domain_obj_id_change_exemption(newrole_t)
domain_interactive_fd(newrole_t)
@@ -73,7 +73,7 @@ files_type(policy_src_t)
type restorecond_t;
type restorecond_exec_t;
-init_daemon_domain(restorecond_t,restorecond_exec_t)
+init_daemon_domain(restorecond_t, restorecond_exec_t)
domain_obj_id_change_exemption(restorecond_t)
role system_r types restorecond_t;
@@ -82,13 +82,13 @@ files_pid_file(restorecond_var_run_t)
type run_init_t;
type run_init_exec_t;
-application_domain(run_init_t,run_init_exec_t)
+application_domain(run_init_t, run_init_exec_t)
domain_system_change_exemption(run_init_t)
role system_r types run_init_t;
type semanage_t;
type semanage_exec_t;
-application_domain(semanage_t,semanage_exec_t)
+application_domain(semanage_t, semanage_exec_t)
domain_interactive_fd(semanage_t)
role system_r types semanage_t;
@@ -106,7 +106,7 @@ files_type(semanage_trans_lock_t)
type setfiles_t alias restorecon_t, can_relabelto_binary_policy;
type setfiles_exec_t alias restorecon_exec_t;
-init_system_domain(setfiles_t,setfiles_exec_t)
+init_system_domain(setfiles_t, setfiles_exec_t)
domain_obj_id_change_exemption(setfiles_t)
########################################
@@ -117,14 +117,14 @@ domain_obj_id_change_exemption(setfiles_t)
allow checkpolicy_t self:capability dac_override;
# able to create and modify binary policy files
-manage_files_pattern(checkpolicy_t,policy_config_t,policy_config_t)
+manage_files_pattern(checkpolicy_t, policy_config_t, policy_config_t)
# allow test policies to be created in src directories
-filetrans_add_pattern(checkpolicy_t,policy_src_t,policy_config_t,file)
+filetrans_add_pattern(checkpolicy_t, policy_src_t, policy_config_t, file)
# only allow read of policy source files
-read_files_pattern(checkpolicy_t,policy_src_t,policy_src_t)
-read_lnk_files_pattern(checkpolicy_t,policy_src_t,policy_src_t)
+read_files_pattern(checkpolicy_t, policy_src_t, policy_src_t)
+read_lnk_files_pattern(checkpolicy_t, policy_src_t, policy_src_t)
allow checkpolicy_t selinux_config_t:dir search_dir_perms;
domain_use_interactive_fds(checkpolicy_t)
@@ -219,8 +219,8 @@ allow newrole_t self:unix_dgram_socket sendto;
allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow newrole_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-read_files_pattern(newrole_t,default_context_t,default_context_t)
-read_lnk_files_pattern(newrole_t,default_context_t,default_context_t)
+read_files_pattern(newrole_t, default_context_t, default_context_t)
+read_lnk_files_pattern(newrole_t, default_context_t, default_context_t)
kernel_read_system_state(newrole_t)
kernel_read_kernel_sysctls(newrole_t)
@@ -307,7 +307,7 @@ allow restorecond_t self:capability { dac_override dac_read_search fowner };
allow restorecond_t self:fifo_file rw_fifo_file_perms;
allow restorecond_t restorecond_var_run_t:file manage_file_perms;
-files_pid_filetrans(restorecond_t,restorecond_var_run_t, file)
+files_pid_filetrans(restorecond_t, restorecond_var_run_t, file)
kernel_use_fds(restorecond_t)
kernel_rw_pipes(restorecond_t)
diff --git a/policy/modules/system/setrans.if b/policy/modules/system/setrans.if
index b204eb8..dea7f55 100644
--- a/policy/modules/system/setrans.if
+++ b/policy/modules/system/setrans.if
@@ -18,6 +18,6 @@ interface(`setrans_translate_context',`
allow $1 self:unix_stream_socket create_stream_socket_perms;
allow $1 setrans_t:context translate;
- stream_connect_pattern($1,setrans_var_run_t,setrans_var_run_t,setrans_t)
+ stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
files_list_pids($1)
')
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 2ddabe1..e73af1d 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -22,11 +22,11 @@ files_pid_file(setrans_var_run_t)
mls_trusted_object(setrans_var_run_t)
ifdef(`enable_mcs',`
- init_ranged_daemon_domain(setrans_t, setrans_exec_t,s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(setrans_t, setrans_exec_t, s0 - mcs_systemhigh)
')
ifdef(`enable_mls',`
- init_ranged_daemon_domain(setrans_t, setrans_exec_t,mls_systemhigh)
+ init_ranged_daemon_domain(setrans_t, setrans_exec_t, mls_systemhigh)
')
########################################
@@ -45,9 +45,9 @@ can_exec(setrans_t, setrans_exec_t)
corecmd_search_bin(setrans_t)
# create unix domain socket in /var
-manage_files_pattern(setrans_t,setrans_var_run_t,setrans_var_run_t)
-manage_sock_files_pattern(setrans_t,setrans_var_run_t,setrans_var_run_t)
-files_pid_filetrans(setrans_t,setrans_var_run_t,file)
+manage_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
+manage_sock_files_pattern(setrans_t, setrans_var_run_t, setrans_var_run_t)
+files_pid_filetrans(setrans_t, setrans_var_run_t, file)
kernel_read_kernel_sysctls(setrans_t)
kernel_read_proc_symlinks(setrans_t)
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index e2eb2fe..a0cd508 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -305,7 +305,7 @@ interface(`sysnet_etc_filetrans_config',`
type net_conf_t;
')
- files_etc_filetrans($1,net_conf_t,file)
+ files_etc_filetrans($1, net_conf_t, file)
')
#######################################
@@ -426,7 +426,7 @@ interface(`sysnet_exec_ifconfig',`
')
corecmd_search_bin($1)
- can_exec($1,ifconfig_exec_t)
+ can_exec($1, ifconfig_exec_t)
')
########################################
@@ -464,7 +464,7 @@ interface(`sysnet_read_dhcp_config',`
')
files_search_etc($1)
- read_files_pattern($1,dhcp_etc_t,dhcp_etc_t)
+ read_files_pattern($1, dhcp_etc_t, dhcp_etc_t)
')
########################################
@@ -522,7 +522,7 @@ interface(`sysnet_dhcp_state_filetrans',`
')
files_search_var_lib($1)
- filetrans_pattern($1,dhcp_state_t,$2,$3)
+ filetrans_pattern($1, dhcp_state_t, $2, $3)
')
########################################
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 1fcc896..86a860f 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -17,7 +17,7 @@ files_type(dhcp_state_t)
type dhcpc_t;
type dhcpc_exec_t;
-init_daemon_domain(dhcpc_t,dhcpc_exec_t)
+init_daemon_domain(dhcpc_t, dhcpc_exec_t)
role system_r types dhcpc_t;
type dhcpc_state_t;
@@ -53,24 +53,24 @@ allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
-read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)
-exec_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)
+read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
+exec_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
-manage_files_pattern(dhcpc_t,dhcpc_state_t,dhcpc_state_t)
-filetrans_pattern(dhcpc_t,dhcp_state_t,dhcpc_state_t,file)
+manage_files_pattern(dhcpc_t, dhcpc_state_t, dhcpc_state_t)
+filetrans_pattern(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)
# create pid file
-manage_files_pattern(dhcpc_t,dhcpc_var_run_t,dhcpc_var_run_t)
-files_pid_filetrans(dhcpc_t,dhcpc_var_run_t,file)
+manage_files_pattern(dhcpc_t, dhcpc_var_run_t, dhcpc_var_run_t)
+files_pid_filetrans(dhcpc_t, dhcpc_var_run_t, file)
# Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
# in /etc created by dhcpcd will be labelled net_conf_t.
allow dhcpc_t net_conf_t:file manage_file_perms;
-files_etc_filetrans(dhcpc_t,net_conf_t,file)
+files_etc_filetrans(dhcpc_t, net_conf_t, file)
# create temp files
-manage_dirs_pattern(dhcpc_t,dhcpc_tmp_t,dhcpc_tmp_t)
-manage_files_pattern(dhcpc_t,dhcpc_tmp_t,dhcpc_tmp_t)
+manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
+manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
files_tmp_filetrans(dhcpc_t, dhcpc_tmp_t, { file dir })
can_exec(dhcpc_t, dhcpc_exec_t)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 324001a..ba1536c 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -9,11 +9,11 @@ policy_module(udev, 1.10.2)
type udev_t;
type udev_exec_t;
type udev_helper_exec_t;
-kernel_domtrans_to(udev_t,udev_exec_t)
+kernel_domtrans_to(udev_t, udev_exec_t)
domain_obj_id_change_exemption(udev_t)
-domain_entry_file(udev_t,udev_helper_exec_t)
+domain_entry_file(udev_t, udev_helper_exec_t)
domain_interactive_fd(udev_t)
-init_daemon_domain(udev_t,udev_exec_t)
+init_daemon_domain(udev_t, udev_exec_t)
type udev_etc_t alias etc_udev_t;
files_config_file(udev_etc_t)
@@ -25,8 +25,8 @@ type udev_var_run_t;
files_pid_file(udev_var_run_t)
ifdef(`enable_mcs',`
- kernel_ranged_domtrans_to(udev_t,udev_exec_t,s0 - mcs_systemhigh)
- init_ranged_daemon_domain(udev_t,udev_exec_t,s0 - mcs_systemhigh)
+ kernel_ranged_domtrans_to(udev_t, udev_exec_t, s0 - mcs_systemhigh)
+ init_ranged_daemon_domain(udev_t, udev_exec_t, s0 - mcs_systemhigh)
')
########################################
@@ -62,11 +62,11 @@ allow udev_t udev_etc_t:file read_file_perms;
# create udev database in /dev/.udevdb
allow udev_t udev_tbl_t:file manage_file_perms;
-dev_filetrans(udev_t,udev_tbl_t,file)
+dev_filetrans(udev_t, udev_tbl_t, file)
-manage_dirs_pattern(udev_t,udev_var_run_t,udev_var_run_t)
-manage_files_pattern(udev_t,udev_var_run_t,udev_var_run_t)
-files_pid_filetrans(udev_t,udev_var_run_t,{ dir file })
+manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t)
+manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
+files_pid_filetrans(udev_t, udev_var_run_t, { dir file })
kernel_read_system_state(udev_t)
kernel_getattr_core_if(udev_t)
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 2d4c440..5533ca1 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -188,7 +188,7 @@ interface(`unconfined_domtrans',`
type unconfined_t, unconfined_exec_t;
')
- domtrans_pattern($1,unconfined_exec_t,unconfined_t)
+ domtrans_pattern($1, unconfined_exec_t, unconfined_t)
')
########################################
@@ -230,7 +230,7 @@ interface(`unconfined_shell_domtrans',`
type unconfined_t;
')
- corecmd_shell_domtrans($1,unconfined_t)
+ corecmd_shell_domtrans($1, unconfined_t)
allow unconfined_t $1:fd use;
allow unconfined_t $1:fifo_file rw_file_perms;
allow unconfined_t $1:process sigchld;
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 877ecb7..8634334 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -2512,7 +2512,7 @@ interface(`userdom_spec_domtrans_all_users',`
attribute userdomain;
')
- corecmd_shell_spec_domtrans($1,userdomain)
+ corecmd_shell_spec_domtrans($1, userdomain)
allow userdomain $1:fd use;
allow userdomain $1:fifo_file rw_file_perms;
allow userdomain $1:process sigchld;
@@ -2535,7 +2535,7 @@ interface(`userdom_xsession_spec_domtrans_all_users',`
attribute userdomain;
')
- xserver_xsession_spec_domtrans($1,userdomain)
+ xserver_xsession_spec_domtrans($1, userdomain)
allow userdomain $1:fd use;
allow userdomain $1:fifo_file rw_file_perms;
allow userdomain $1:process sigchld;
@@ -2558,7 +2558,7 @@ interface(`userdom_spec_domtrans_unpriv_users',`
attribute unpriv_userdomain;
')
- corecmd_shell_spec_domtrans($1,unpriv_userdomain)
+ corecmd_shell_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
@@ -2581,7 +2581,7 @@ interface(`userdom_xsession_spec_domtrans_unpriv_users',`
attribute unpriv_userdomain;
')
- xserver_xsession_spec_domtrans($1,unpriv_userdomain)
+ xserver_xsession_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
@@ -2641,7 +2641,7 @@ interface(`userdom_bin_spec_domtrans_unpriv_users',`
attribute unpriv_userdomain;
')
- corecmd_bin_spec_domtrans($1,unpriv_userdomain)
+ corecmd_bin_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
@@ -2664,7 +2664,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',`
attribute unpriv_userdomain;
')
- domain_entry_file_spec_domtrans($1,unpriv_userdomain)
+ domain_entry_file_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file rw_file_perms;
allow unpriv_userdomain $1:process sigchld;
@@ -2850,7 +2850,7 @@ interface(`userdom_read_all_users_state',`
attribute userdomain;
')
- read_files_pattern($1,userdomain,userdomain)
+ read_files_pattern($1, userdomain, userdomain)
kernel_search_proc($1)
')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 504f26a..cb0d512 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -11,28 +11,28 @@ policy_module(userdomain, 4.1.3)
## Allow users to connect to mysql
##
##
-gen_tunable(allow_user_mysql_connect,false)
+gen_tunable(allow_user_mysql_connect, false)
##
##
## Allow users to connect to PostgreSQL
##
##
-gen_tunable(allow_user_postgresql_connect,false)
+gen_tunable(allow_user_postgresql_connect, false)
##
##
## Allow regular users direct mouse access
##
##
-gen_tunable(user_direct_mouse,false)
+gen_tunable(user_direct_mouse, false)
##
##
## Allow users to read system messages.
##
##
-gen_tunable(user_dmesg,false)
+gen_tunable(user_dmesg, false)
##
##
@@ -40,14 +40,14 @@ gen_tunable(user_dmesg,false)
## that do not have extended attributes (FAT, CDROM, FLOPPY)
##
##
-gen_tunable(user_rw_noexattrfile,false)
+gen_tunable(user_rw_noexattrfile, false)
##
##
## Allow w to display everyone
##
##
-gen_tunable(user_ttyfile_stat,false)
+gen_tunable(user_ttyfile_stat, false)
# all user domains
attribute userdomain;
diff --git a/policy/modules/system/xen.if b/policy/modules/system/xen.if
index 6c8640e..0b1878c 100644
--- a/policy/modules/system/xen.if
+++ b/policy/modules/system/xen.if
@@ -15,7 +15,7 @@ interface(`xen_domtrans',`
type xend_t, xend_exec_t;
')
- domtrans_pattern($1,xend_exec_t,xend_t)
+ domtrans_pattern($1, xend_exec_t, xend_t)
')
########################################
@@ -91,7 +91,7 @@ interface(`xen_append_log',`
')
logging_search_logs($1)
- append_files_pattern($1,xend_var_log_t,xend_var_log_t)
+ append_files_pattern($1, xend_var_log_t, xend_var_log_t)
dontaudit $1 xend_var_log_t:file write;
')
@@ -112,8 +112,8 @@ interface(`xen_manage_log',`
')
logging_search_logs($1)
- manage_dirs_pattern($1,xend_var_log_t,xend_var_log_t)
- manage_files_pattern($1,xend_var_log_t,xend_var_log_t)
+ manage_dirs_pattern($1, xend_var_log_t, xend_var_log_t)
+ manage_files_pattern($1, xend_var_log_t, xend_var_log_t)
')
########################################
@@ -133,7 +133,7 @@ interface(`xen_dontaudit_rw_unix_stream_sockets',`
type xend_t;
')
- dontaudit $1 xend_t:unix_stream_socket { read write };
+ dontaudit $1 xend_t:unix_stream_socket { read write };
')
########################################
@@ -152,7 +152,7 @@ interface(`xen_stream_connect_xenstore',`
')
files_search_pids($1)
- stream_connect_pattern($1,xenstored_var_run_t,xenstored_var_run_t,xenstored_t)
+ stream_connect_pattern($1, xenstored_var_run_t, xenstored_var_run_t, xenstored_t)
')
########################################
@@ -171,7 +171,7 @@ interface(`xen_stream_connect',`
')
files_search_pids($1)
- stream_connect_pattern($1,xend_var_run_t,xend_var_run_t,xend_t)
+ stream_connect_pattern($1, xend_var_run_t, xend_var_run_t, xend_t)
')
########################################
@@ -189,5 +189,5 @@ interface(`xen_domtrans_xm',`
type xm_t, xm_exec_t;
')
- domtrans_pattern($1,xm_exec_t,xm_t)
+ domtrans_pattern($1, xm_exec_t, xm_t)
')
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
index 1de4131..155ef1b 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -46,7 +46,7 @@ files_pid_file(xend_var_run_t)
type xenstored_t;
type xenstored_exec_t;
domain_type(xenstored_t)
-domain_entry_file(xenstored_t,xenstored_exec_t)
+domain_entry_file(xenstored_t, xenstored_exec_t)
role system_r types xenstored_t;
# var/lib files
@@ -60,7 +60,7 @@ files_pid_file(xenstored_var_run_t)
type xenconsoled_t;
type xenconsoled_exec_t;
domain_type(xenconsoled_t)
-domain_entry_file(xenconsoled_t,xenconsoled_exec_t)
+domain_entry_file(xenconsoled_t, xenconsoled_exec_t)
role system_r types xenconsoled_t;
# pid files
@@ -90,37 +90,37 @@ allow xend_t self:tcp_socket create_stream_socket_perms;
allow xend_t self:packet_socket create_socket_perms;
allow xend_t xen_image_t:dir list_dir_perms;
-manage_dirs_pattern(xend_t,xen_image_t,xen_image_t)
-manage_files_pattern(xend_t,xen_image_t,xen_image_t)
-read_lnk_files_pattern(xend_t,xen_image_t,xen_image_t)
-rw_blk_files_pattern(xend_t,xen_image_t,xen_image_t)
+manage_dirs_pattern(xend_t, xen_image_t, xen_image_t)
+manage_files_pattern(xend_t, xen_image_t, xen_image_t)
+read_lnk_files_pattern(xend_t, xen_image_t, xen_image_t)
+rw_blk_files_pattern(xend_t, xen_image_t, xen_image_t)
allow xend_t xenctl_t:fifo_file manage_file_perms;
dev_filetrans(xend_t, xenctl_t, fifo_file)
-manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
-manage_dirs_pattern(xend_t,xend_tmp_t,xend_tmp_t)
+manage_files_pattern(xend_t, xend_tmp_t, xend_tmp_t)
+manage_dirs_pattern(xend_t, xend_tmp_t, xend_tmp_t)
files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
# pid file
allow xend_t xend_var_run_t:dir setattr;
-manage_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
-manage_sock_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
-manage_fifo_files_pattern(xend_t,xend_var_run_t,xend_var_run_t)
-files_pid_filetrans(xend_t,xend_var_run_t, { file sock_file fifo_file })
+manage_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+manage_sock_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+manage_fifo_files_pattern(xend_t, xend_var_run_t, xend_var_run_t)
+files_pid_filetrans(xend_t, xend_var_run_t, { file sock_file fifo_file })
# log files
allow xend_t xend_var_log_t:dir setattr;
-manage_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
-manage_sock_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
-logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir })
+manage_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
+manage_sock_files_pattern(xend_t, xend_var_log_t, xend_var_log_t)
+logging_log_filetrans(xend_t, xend_var_log_t,{ sock_file file dir })
# var/lib files for xend
-manage_dirs_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
-manage_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
-manage_sock_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
-manage_fifo_files_pattern(xend_t,xend_var_lib_t,xend_var_lib_t)
-files_var_lib_filetrans(xend_t,xend_var_lib_t,{ file dir })
+manage_dirs_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
+manage_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
+manage_sock_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
+manage_fifo_files_pattern(xend_t, xend_var_lib_t, xend_var_lib_t)
+files_var_lib_filetrans(xend_t, xend_var_lib_t,{ file dir })
# transition to store
domtrans_pattern(xend_t, xenstored_exec_t, xenstored_t)
@@ -171,7 +171,7 @@ files_read_etc_files(xend_t)
files_read_kernel_symbol_table(xend_t)
files_read_kernel_img(xend_t)
files_manage_etc_runtime_files(xend_t)
-files_etc_filetrans_etc_runtime(xend_t,file)
+files_etc_filetrans_etc_runtime(xend_t, file)
files_read_usr_files(xend_t)
storage_raw_read_fixed_disk(xend_t)
@@ -223,9 +223,9 @@ allow xenconsoled_t self:fifo_file rw_fifo_file_perms;
allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
# pid file
-manage_files_pattern(xenconsoled_t,xenconsoled_var_run_t,xenconsoled_var_run_t)
-manage_sock_files_pattern(xenconsoled_t,xenconsoled_var_run_t,xenconsoled_var_run_t)
-files_pid_filetrans(xenconsoled_t,xenconsoled_var_run_t, { file sock_file })
+manage_files_pattern(xenconsoled_t, xenconsoled_var_run_t, xenconsoled_var_run_t)
+manage_sock_files_pattern(xenconsoled_t, xenconsoled_var_run_t, xenconsoled_var_run_t)
+files_pid_filetrans(xenconsoled_t, xenconsoled_var_run_t, { file sock_file })
kernel_read_kernel_sysctls(xenconsoled_t)
kernel_write_xen_state(xenconsoled_t)
@@ -239,7 +239,7 @@ domain_dontaudit_ptrace_all_domains(xenconsoled_t)
files_read_usr_files(xenconsoled_t)
-term_create_pty(xenconsoled_t,xen_devpts_t)
+term_create_pty(xenconsoled_t, xen_devpts_t)
term_use_generic_ptys(xenconsoled_t)
term_use_console(xenconsoled_t)
@@ -261,15 +261,15 @@ allow xenstored_t self:unix_stream_socket create_stream_socket_perms;
allow xenstored_t self:unix_dgram_socket create_socket_perms;
# pid file
-manage_files_pattern(xenstored_t,xenstored_var_run_t,xenstored_var_run_t)
-manage_sock_files_pattern(xenstored_t,xenstored_var_run_t,xenstored_var_run_t)
-files_pid_filetrans(xenstored_t,xenstored_var_run_t, { file sock_file })
+manage_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
+manage_sock_files_pattern(xenstored_t, xenstored_var_run_t, xenstored_var_run_t)
+files_pid_filetrans(xenstored_t, xenstored_var_run_t, { file sock_file })
# var/lib files for xenstored
-manage_dirs_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
-manage_files_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
-manage_sock_files_pattern(xenstored_t,xenstored_var_lib_t,xenstored_var_lib_t)
-files_var_lib_filetrans(xenstored_t,xenstored_var_lib_t,{ file dir sock_file })
+manage_dirs_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+manage_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+manage_sock_files_pattern(xenstored_t, xenstored_var_lib_t, xenstored_var_lib_t)
+files_var_lib_filetrans(xenstored_t, xenstored_var_lib_t,{ file dir sock_file })
kernel_write_xen_state(xenstored_t)
kernel_read_xen_state(xenstored_t)
@@ -310,8 +310,8 @@ allow xm_t self:fifo_file rw_fifo_file_perms;
allow xm_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xm_t self:tcp_socket create_stream_socket_perms;
-manage_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
-manage_fifo_files_pattern(xm_t,xend_var_lib_t,xend_var_lib_t)
+manage_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
+manage_fifo_files_pattern(xm_t, xend_var_lib_t, xend_var_lib_t)
files_search_var_lib(xm_t)
allow xm_t xen_image_t:dir rw_dir_perms;