diff --git a/refpolicy/Makefile b/refpolicy/Makefile index 66cd7df..09661b4 100644 --- a/refpolicy/Makefile +++ b/refpolicy/Makefile @@ -274,7 +274,6 @@ $(MODDIR)/kernel/corenetwork.if: $(MODDIR)/kernel/corenetwork.if.m4 $(MODDIR)/ke $(QUIET) egrep "^[[:blank:]]*network_(interface|node|port)\(.*\)" $(@:.if=.te).in \ | m4 $(M4PARAM) $(M4SUPPORT) $(MODDIR)/kernel/corenetwork.if.m4 - \ | sed -e 's/dollarsone/\$$1/g' -e 's/dollarszero/\$$0/g' >> $@ - $(QUIET) echo "## </module>" >> $@ $(MODDIR)/kernel/corenetwork.te: $(MODDIR)/kernel/corenetwork.te.m4 $(MODDIR)/kernel/corenetwork.te.in @echo "#" > $@ diff --git a/refpolicy/policy/modules/admin/dmesg.if b/refpolicy/policy/modules/admin/dmesg.if index 711d376..eebda7b 100644 --- a/refpolicy/policy/modules/admin/dmesg.if +++ b/refpolicy/policy/modules/admin/dmesg.if @@ -1,15 +1,12 @@ -## <module name="dmesg"> ## <summary>Policy for dmesg.</summary> ######################################## -## <interface name="dmesg_domtrans"> -## <desc> -## Execute dmesg in the dmesg domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute dmesg in the dmesg domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dmesg_domtrans',` gen_require(` @@ -29,14 +26,12 @@ interface(`dmesg_domtrans',` ') ######################################## -## <interface name="dmesg_exec"> -## <desc> -## Execute dmesg in the caller domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute dmesg in the caller domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dmesg_exec',` gen_require(` @@ -47,4 +42,3 @@ interface(`dmesg_exec',` can_exec($1,dmesg_exec_t) ') -## </module> 
diff --git a/refpolicy/policy/modules/admin/metadata.xml b/refpolicy/policy/modules/admin/metadata.xml index 938c32d..e69de29 100644 --- a/refpolicy/policy/modules/admin/metadata.xml +++ b/refpolicy/policy/modules/admin/metadata.xml @@ -1 +0,0 @@ -<layer name="admin"> diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if index cf694fd..a6729a3 100644 --- a/refpolicy/policy/modules/admin/rpm.if +++ b/refpolicy/policy/modules/admin/rpm.if @@ -1,15 +1,12 @@ -## <module name="rpm"> ## <summary>Policy for the RPM package manager.</summary> ######################################## -## <interface name="rpm_domtrans"> -## <desc> -## Execute rpm programs in the rpm domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute rpm programs in the rpm domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`rpm_domtrans',` gen_require(` @@ -30,20 +27,18 @@ interface(`rpm_domtrans',` ') ######################################## -## <interface name="rpm_run"> -## <desc> -## Execute RPM programs in the RPM domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to allow the RPM domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the RPM domain to use. -## </param> -## </interface> +## <desc> +## Execute RPM programs in the RPM domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to allow the RPM domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the RPM domain to use. +## </param> # interface(`rpm_run',` gen_require(` 
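Review bot: The re-indented `terminal` description in the `rpm_run` hunk still reads "The type of the terminal allow the RPM domain to use.", which is missing a word; I would make it `## The type of the terminal to allow the RPM domain to use.`. The same sentence is carried over unchanged in the `usermanage_run_chfn`, `usermanage_run_groupadd`, `usermanage_run_passwd`, `usermanage_run_useradd` and `bootloader_run` hunks. These parameter descriptions are what a policy writer reads when choosing which terminal type to hand to a privileged domain, so the wording is worth fixing while the blocks are being touched. The body of `rpm_run` continues outside the hunk.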
@@ -58,14 +53,12 @@ interface(`rpm_run',` ') ######################################## -## <interface name="rpm_use_fd"> -## <desc> -## Inherit and use file descriptors from RPM. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Inherit and use file descriptors from RPM. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`rpm_use_fd',` gen_require(` @@ -77,14 +70,12 @@ interface(`rpm_use_fd',` ') ######################################## -## <interface name="rpm_read_pipe"> -## <desc> -## Read from a RPM pipe. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read from a RPM pipe. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`rpm_read_pipe',` gen_require(` @@ -96,14 +87,12 @@ interface(`rpm_read_pipe',` ') ######################################## -## <interface name="rpm_read_db"> -## <desc> -## Read RPM package database. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read RPM package database. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`rpm_read_db',` gen_require(` @@ -135,4 +124,3 @@ interface(`rpm_manage_db',` allow $1 rpm_var_lib_t:lnk_file { getattr read write unlink }; ') -## </module> diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if index 7156052..ee03894 100644 --- a/refpolicy/policy/modules/admin/usermanage.if +++ b/refpolicy/policy/modules/admin/usermanage.if 
@@ -1,15 +1,12 @@ -## <module name="usermanage"> ## <summary>Policy for managing user accounts.</summary> ######################################## -## <interface name="usermanage_domtrans_chfn"> -## <desc> -## Execute chfn in the chfn domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute chfn in the chfn domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`usermanage_domtrans_chfn',` gen_require(` @@ -30,21 +27,19 @@ interface(`usermanage_domtrans_chfn',` ') ######################################## -## <interface name="usermanage_run_chfn"> -## <desc> -## Execute chfn in the chfn domain, and -## allow the specified role the chfn domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the chfn domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the chfn domain to use. -## </param> -## </interface> +## <desc> +## Execute chfn in the chfn domain, and +## allow the specified role the chfn domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the chfn domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the chfn domain to use. +## </param> # interface(`usermanage_run_chfn',` gen_require(` 
@@ -58,14 +53,12 @@ interface(`usermanage_run_chfn',` ') ######################################## -## <interface name="usermanage_domtrans_groupadd"> -## <desc> -## Execute groupadd in the groupadd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute groupadd in the groupadd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`usermanage_domtrans_groupadd',` gen_require(` @@ -86,21 +79,19 @@ interface(`usermanage_domtrans_groupadd',` ') ######################################## -## <interface name="usermanage_run_groupadd"> -## <desc> -## Execute groupadd in the groupadd domain, and -## allow the specified role the groupadd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the groupadd domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the groupadd domain to use. -## </param> -## </interface> +## <desc> +## Execute groupadd in the groupadd domain, and +## allow the specified role the groupadd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the groupadd domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the groupadd domain to use. +## </param> # interface(`usermanage_run_groupadd',` gen_require(` 
@@ -114,14 +105,12 @@ interface(`usermanage_run_groupadd',` ') ######################################## -## <interface name="usermanage_domtrans_passwd"> -## <desc> -## Execute passwd in the passwd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute passwd in the passwd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`usermanage_domtrans_passwd',` gen_require(` @@ -142,21 +131,19 @@ interface(`usermanage_domtrans_passwd',` ') ######################################## -## <interface name="usermanage_run_passwd"> -## <desc> -## Execute passwd in the passwd domain, and -## allow the specified role the passwd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the passwd domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the passwd domain to use. -## </param> -## </interface> +## <desc> +## Execute passwd in the passwd domain, and +## allow the specified role the passwd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the passwd domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the passwd domain to use. +## </param> # interface(`usermanage_run_passwd',` gen_require(` 
@@ -170,14 +157,12 @@ interface(`usermanage_run_passwd',` ') ######################################## -## <interface name="usermanage_domtrans_useradd"> -## <desc> -## Execute useradd in the useradd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute useradd in the useradd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`usermanage_domtrans_useradd',` gen_require(` @@ -198,21 +183,19 @@ interface(`usermanage_domtrans_useradd',` ') ######################################## -## <interface name="usermanage_run_useradd"> -## <desc> -## Execute useradd in the useradd domain, and -## allow the specified role the useradd domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the useradd domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the useradd domain to use. -## </param> -## </interface> +## <desc> +## Execute useradd in the useradd domain, and +## allow the specified role the useradd domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the useradd domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the useradd domain to use. +## </param> # interface(`usermanage_run_useradd',` gen_require(` @@ -225,4 +208,3 @@ interface(`usermanage_run_useradd',` allow useradd_t $3:chr_file rw_term_perms; ') -## </module> diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if index 04304ca..2f0ea69 100644 --- a/refpolicy/policy/modules/apps/gpg.if +++ b/refpolicy/policy/modules/apps/gpg.if 
@@ -1,28 +1,26 @@ -## <module name="gpg"> ## <summary>Policy for GNU Privacy Guard and related programs.</summary> ####################################### -## <template name="gpg_per_userdomain_template"> -## <summary> -## The per-userdomain template for the gpg module. -## </summary> -## <desc> -## <p> -## This template creates the types and rules for GPG, -## GPG-agent, and GPG helper programs. This protects -## the user keys and secrets, and runs the programs -## in domains specific to the user type. -## </p> -## <p> -## This is invoked automatically for each user, and -## generally does not need to be statically invoked -## directly by policy writers. -## </p> -## </desc> -## <param name="userdomain_prefix"> -## The prefix of the user domain (e.g., user -## is the prefix for user_t). -## </param> +## <summary> +## The per-userdomain template for the gpg module. +## </summary> +## <desc> +## <p> +## This template creates the types and rules for GPG, +## GPG-agent, and GPG helper programs. This protects +## the user keys and secrets, and runs the programs +## in domains specific to the user type. +## </p> +## <p> +## This is invoked automatically for each user, and +## generally does not need to be statically invoked +## directly by policy writers. +## </p> +## </desc> +## <param name="userdomain_prefix"> +## The prefix of the user domain (e.g., user +## is the prefix for user_t). +## </param> # template(`gpg_per_userdomain_template',` gen_require(`$0'_depend) @@ -368,6 +366,4 @@ template(`gpg_per_userdomain_template',` ') dnl end TODO ') -## </template> -## </module> diff --git a/refpolicy/policy/modules/apps/metadata.xml b/refpolicy/policy/modules/apps/metadata.xml index 21fbc10..e69de29 100644 --- a/refpolicy/policy/modules/apps/metadata.xml +++ b/refpolicy/policy/modules/apps/metadata.xml @@ -1 +0,0 @@ -<layer name="apps"> diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if index a531cf9..920b229 100644 
--- a/refpolicy/policy/modules/kernel/bootloader.if +++ b/refpolicy/policy/modules/kernel/bootloader.if @@ -1,15 +1,12 @@ -## <module name="bootloader"> ## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary> ######################################## -## <interface name="bootloader_domtrans"> -## <desc> -## Execute bootloader in the bootloader domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute bootloader in the bootloader domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_domtrans',` gen_require(` @@ -28,21 +25,19 @@ interface(`bootloader_domtrans',` ') ######################################## -## <interface name="bootloader_run"> -## <desc> -## Execute bootloader interactively and do -## a domain transition to the bootloader domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the bootloader domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the bootloader domain to use. -## </param> -## </interface> +## <desc> +## Execute bootloader interactively and do +## a domain transition to the bootloader domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the bootloader domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the bootloader domain to use. +## </param> # interface(`bootloader_run',` gen_require(` 
@@ -57,14 +52,12 @@ interface(`bootloader_run',` ') ######################################## -## <interface name="bootloader_search_boot_dir"> -## <desc> -## Search the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Search the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_search_boot_dir',` gen_require(` @@ -76,14 +69,12 @@ interface(`bootloader_search_boot_dir',` ') ######################################## -## <interface name="bootloader_dontaudit_search_boot"> -## <desc> -## Do not audit attempts to search the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Do not audit attempts to search the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_dontaudit_search_boot',` gen_require(` @@ -95,15 +86,13 @@ interface(`bootloader_dontaudit_search_boot',` ') ######################################## -## <interface name="bootloader_rw_boot_symlinks"> -## <desc> -## Read and write symbolic links -## in the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write symbolic links +## in the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_rw_boot_symlinks',` gen_require(` 
@@ -117,14 +106,12 @@ interface(`bootloader_rw_boot_symlinks',` ') ######################################## -## <interface name="bootloader_create_kernel"> -## <desc> -## Install a kernel into the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Install a kernel into the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_create_kernel',` gen_require(` @@ -140,14 +127,12 @@ interface(`bootloader_create_kernel',` ') ######################################## -## <interface name="bootloader_create_kernel_symbol_table"> -## <desc> -## Install a system.map into the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Install a system.map into the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_create_kernel_symbol_table',` gen_require(` @@ -161,14 +146,12 @@ interface(`bootloader_create_kernel_symbol_table',` ') ######################################## -## <interface name="bootloader_read_kernel_symbol_table"> -## <desc> -## Read system.map in the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read system.map in the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_read_kernel_symbol_table',` gen_require(` 
@@ -182,14 +165,12 @@ interface(`bootloader_read_kernel_symbol_table',` ') ######################################## -## <interface name="bootloader_delete_kernel"> -## <desc> -## Delete a kernel from /boot. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Delete a kernel from /boot. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_delete_kernel',` gen_require(` @@ -203,14 +184,12 @@ interface(`bootloader_delete_kernel',` ') ######################################## -## <interface name="bootloader_delete_kernel_symbol_table"> -## <desc> -## Delete a system.map in the /boot directory. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Delete a system.map in the /boot directory. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_delete_kernel_symbol_table',` gen_require(` @@ -224,14 +203,12 @@ interface(`bootloader_delete_kernel_symbol_table',` ') ######################################## -## <interface name="bootloader_read_config"> -## <desc> -## Read the bootloader configuration file. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read the bootloader configuration file. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_read_config',` gen_require(` 
@@ -243,15 +220,13 @@ interface(`bootloader_read_config',` ') ######################################## -## <interface name="bootloader_rw_config"> -## <desc> -## Read and write the bootloader -## configuration file. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write the bootloader +## configuration file. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_rw_config',` gen_require(` @@ -263,15 +238,13 @@ interface(`bootloader_rw_config',` ') ######################################## -## <interface name="bootloader_rw_tmp_file"> -## <desc> -## Read and write the bootloader -## temporary data in /tmp. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write the bootloader +## temporary data in /tmp. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_rw_tmp_file',` gen_require(` @@ -284,15 +257,13 @@ interface(`bootloader_rw_tmp_file',` ') ######################################## -## <interface name="bootloader_create_runtime_file"> -## <desc> -## Read and write the bootloader -## temporary data in /tmp. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write the bootloader +## temporary data in /tmp. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_create_runtime_file',` gen_require(` 
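Review bot: The description kept for `bootloader_create_runtime_file` (hunk `@@ -284,15 +257,13 @@`) is word for word the one on `bootloader_rw_tmp_file` in the hunk before it, "Read and write the bootloader temporary data in /tmp.", so the generated documentation presents two differently named interfaces as granting the same access. Judging by the name alone it presumably covers creating runtime files rather than read/write access to the tmp type; something like `## Create runtime files for the bootloader.` would fit, but this needs confirming against the interface body, which lies outside the hunk. A caller who picks an interface from the documentation could otherwise grant a domain different access than intended.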
@@ -307,14 +278,12 @@ interface(`bootloader_create_runtime_file',` ') ######################################## -## <interface name="bootloader_list_kernel_modules"> -## <desc> -## List the contents of the kernel module directories. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## List the contents of the kernel module directories. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_list_kernel_modules',` gen_require(` @@ -326,14 +295,12 @@ interface(`bootloader_list_kernel_modules',` ') ######################################## -## <interface name="bootloader_read_kernel_modules"> -## <desc> -## Read kernel module files. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read kernel module files. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_read_kernel_modules',` gen_require(` @@ -349,14 +316,12 @@ interface(`bootloader_read_kernel_modules',` ') ######################################## -## <interface name="bootloader_write_kernel_modules"> -## <desc> -## Write kernel module files. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Write kernel module files. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_write_kernel_modules',` gen_require(` 
@@ -373,15 +338,13 @@ interface(`bootloader_write_kernel_modules',` ') ######################################## -## <interface name="bootloader_manage_kernel_modules"> -## <desc> -## Create, read, write, and delete -## kernel module files. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete +## kernel module files. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`bootloader_manage_kernel_modules',` gen_require(` @@ -417,4 +380,3 @@ interface(`bootloader_create_private_module_dir_entry',` ') ') -## </module> diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in index 3095b84..7b58812 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.in +++ b/refpolicy/policy/modules/kernel/corenetwork.if.in @@ -1,16 +1,13 @@ -## <module name="corenetwork"> ## <summary>Policy controlling access to network objects</summary> ######################################## -## <interface name="corenet_tcp_sendrecv_generic_if"> -## <desc> -## Send and receive TCP network traffic on the general interfaces. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive TCP network traffic on the general interfaces. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_tcp_sendrecv_generic_if',` gen_require(` diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4 index 9d6d84d..9771003 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.m4 +++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4 
@@ -6,15 +6,13 @@ define(`create_netif_interfaces',`` ######################################## -## <interface name="corenet_tcp_sendrecv_$1"> -## <desc> -## Send and receive TCP network traffic on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive TCP network traffic on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_tcp_sendrecv_$1',` gen_require(` @@ -26,15 +24,13 @@ interface(`corenet_tcp_sendrecv_$1',` ') ######################################## -## <interface name="corenet_udp_send_$1"> -## <desc> -## Send UDP network traffic on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Send UDP network traffic on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_udp_send_$1',` gen_require(` @@ -46,15 +42,13 @@ interface(`corenet_udp_send_$1',` ') ######################################## -## <interface name="corenet_udp_receive_$1"> -## <desc> -## Receive UDP network traffic on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="read" weight="10"/> -## </interface> +## <desc> +## Receive UDP network traffic on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="read" weight="10"/> # interface(`corenet_udp_receive_$1',` gen_require(` 
@@ -66,15 +60,13 @@ interface(`corenet_udp_receive_$1',` ') ######################################## -## <interface name="corenetwork_sendrecv_udp_on_$1_interface"> -## <desc> -## Send and receive UDP network traffic on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive UDP network traffic on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_udp_sendrecv_$1',` corenet_udp_send_$1(dollarsone) @@ -82,15 +74,13 @@ interface(`corenet_udp_sendrecv_$1',` ') ######################################## -## <interface name="corenet_raw_send_$1"> -## <desc> -## Send raw IP packets on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Send raw IP packets on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_raw_send_$1',` gen_require(` @@ -104,15 +94,13 @@ interface(`corenet_raw_send_$1',` ') ######################################## -## <interface name="corenet_raw_receive_$1"> -## <desc> -## Receive raw IP packets on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="read" weight="10"/> -## </interface> +## <desc> +## Receive raw IP packets on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="read" weight="10"/> # interface(`corenet_raw_receive_$1',` gen_require(` 
@@ -124,15 +112,13 @@ interface(`corenet_raw_receive_$1',` ') ######################################## -## <interface name="corenet_raw_sendrecv_$1"> -## <desc> -## Send and receive raw IP packets on the $1 interface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive raw IP packets on the $1 interface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_raw_sendrecv_$1',` corenet_raw_send_$1(dollarsone) @@ -148,15 +134,13 @@ interface(`corenet_raw_sendrecv_$1',` define(`create_node_interfaces',`` ######################################## -## <interface name="corenet_tcp_sendrecv_$1_node"> -## <desc> -## Send and receive TCP traffic on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive TCP traffic on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_tcp_sendrecv_$1_node',` gen_require(` @@ -168,15 +152,13 @@ interface(`corenet_tcp_sendrecv_$1_node',` ') ######################################## -## <interface name="corenet_udp_send_$1_node"> -## <desc> -## Send UDP traffic on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Send UDP traffic on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_udp_send_$1_node',` gen_require(` 
@@ -188,15 +170,13 @@ interface(`corenet_udp_send_$1_node',` ') ######################################## -## <interface name="corenet_udp_receive_$1_node"> -## <desc> -## Receive UDP traffic on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="read" weight="10"/> -## </interface> +## <desc> +## Receive UDP traffic on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="read" weight="10"/> # interface(`corenet_udp_receive_$1_node',` gen_require(` @@ -208,15 +188,13 @@ interface(`corenet_udp_receive_$1_node',` ') ######################################## -## <interface name="corenet_udp_sendrecv_$1_node"> -## <desc> -## Send and receive UDP traffic on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive UDP traffic on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_udp_sendrecv_$1_node',` corenet_udp_send_$1_node(dollarsone) @@ -224,15 +202,13 @@ interface(`corenet_udp_sendrecv_$1_node',` ') ######################################## -## <interface name="corenet_raw_send_$1_node"> -## <desc> -## Send raw IP packets on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Send raw IP packets on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_raw_send_$1_node',` gen_require(` 
@@ -244,15 +220,13 @@ interface(`corenet_raw_send_$1_node',` ') ######################################## -## <interface name="corenet_raw_receive_$1_node"> -## <desc> -## Receive raw IP packets on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Receive raw IP packets on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_raw_receive_$1_node',` gen_require(` @@ -264,15 +238,13 @@ interface(`corenet_raw_receive_$1_node',` ') ######################################## -## <interface name="corenet_raw_sendrecv_$1_node"> -## <desc> -## Send and receive raw IP packets on the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive raw IP packets on the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_raw_sendrecv_$1_node',` corenet_raw_send_$1_node(dollarsone) @@ -280,15 +252,13 @@ interface(`corenet_raw_sendrecv_$1_node',` ') ######################################## -## <interface name="corenet_tcp_bind_$1_node"> -## <desc> -## Bind TCP sockets to node $1. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="none"/> -## </interface> +## <desc> +## Bind TCP sockets to node $1. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="none"/> # interface(`corenet_tcp_bind_$1_node',` gen_require(` 
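Review bot: In the `@@ -244,15 +220,13 @@` hunk, the re-added doc block for `corenet_raw_receive_$1_node` still carries `## <infoflow type="write" weight="10"/>`, although its description says the interface receives raw IP packets. The `corenet_udp_receive_$1_node` block in the same file uses `type="read"`, so this looks copied from the send variant and should be `## <infoflow type="read" weight="10"/>`. Any information-flow analysis that consumes these annotations would otherwise count a receive path as a write. The interface body continues outside the hunk, so confirm the direction against its rules.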
@@ -300,15 +270,13 @@ interface(`corenet_tcp_bind_$1_node',` ') ######################################## -## <interface name="corenet_udp_bind_$1_node"> -## <desc> -## Bind UDP sockets to the $1 node. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="none"/> -## </interface> +## <desc> +## Bind UDP sockets to the $1 node. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="none"/> # interface(`corenet_udp_bind_$1_node',` gen_require(` @@ -328,15 +296,13 @@ interface(`corenet_udp_bind_$1_node',` define(`create_port_interfaces',`` ######################################## -## <interface name="corenet_tcp_sendrecv_$1_port"> -## <desc> -## Send and receive TCP traffic on the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive TCP traffic on the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_tcp_sendrecv_$1_port',` gen_require(` @@ -348,15 +314,13 @@ interface(`corenet_tcp_sendrecv_$1_port',` ') ######################################## -## <interface name="corenet_udp_send_$1_port"> -## <desc> -## Send UDP traffic on the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="write" weight="10"/> -## </interface> +## <desc> +## Send UDP traffic on the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="write" weight="10"/> # interface(`corenet_udp_send_$1_port',` gen_require(` 
@@ -368,15 +332,13 @@ interface(`corenet_udp_send_$1_port',` ') ######################################## -## <interface name="corenet_udp_receive_$1_port"> -## <desc> -## Receive UDP traffic on the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="read" weight="10"/> -## </interface> +## <desc> +## Receive UDP traffic on the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="read" weight="10"/> # interface(`corenet_udp_receive_$1_port',` gen_require(` @@ -388,15 +350,13 @@ interface(`corenet_udp_receive_$1_port',` ') ######################################## -## <interface name="corenetwork_sendrecv_udp_on_$1_port"> -## <desc> -## Send and receive UDP traffic on the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="both" weight="10"/> -## </interface> +## <desc> +## Send and receive UDP traffic on the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="both" weight="10"/> # interface(`corenet_udp_sendrecv_$1_port',` corenet_udp_send_$1_port(dollarsone) @@ -404,15 +364,13 @@ interface(`corenet_udp_sendrecv_$1_port',` ') ######################################## -## <interface name="corenet_tcp_bind_$1_port"> -## <desc> -## Bind TCP sockets to the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="none"/> -## </interface> +## <desc> +## Bind TCP sockets to the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="none"/> # interface(`corenet_tcp_bind_$1_port',` gen_require(` 
@@ -425,15 +383,13 @@ interface(`corenet_tcp_bind_$1_port',` ') ######################################## -## <interface name="corenet_udp_bind_$1_port"> -## <desc> -## Bind UDP sockets to the $1 port. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <infoflow type="none"/> -## </interface> +## <desc> +## Bind UDP sockets to the $1 port. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <infoflow type="none"/> # interface(`corenet_udp_bind_$1_port',` gen_require(` diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if index f2bdd40..516dfd3 100644 --- a/refpolicy/policy/modules/kernel/devices.if +++ b/refpolicy/policy/modules/kernel/devices.if 
@@ -1,40 +1,37 @@ -## <module name="devices"> ## <summary> -## Device nodes and interfaces for many basic system devices. +## Device nodes and interfaces for many basic system devices. ## </summary> ## <desc> -## <p> -## This module creates the device node concept and provides -## the policy for many of the device files. Notable exceptions are -## the mass storage and terminal devices that are covered by other -## modules. -## </p> -## <p> -## This module creates the concept of a device node. That is a -## char or block device file, usually in /dev. All types that -## are used to label device nodes should use the dev_node macro. -## </p> -## <p> -## Additionally, this module controls access to three things: -## <ul> -## <li>the device directories containing device nodes</li> -## <li>device nodes as a group</li> -## <li>individual access to specific device nodes covered by -## this module.</li> -## </ul> -## </p> +## <p> +## This module creates the device node concept and provides +## the policy for many of the device files. Notable exceptions are +## the mass storage and terminal devices that are covered by other +## modules. +## </p> +## <p> +## This module creates the concept of a device node. That is a +## char or block device file, usually in /dev. All types that +## are used to label device nodes should use the dev_node macro. +## </p> +## <p> +## Additionally, this module controls access to three things: +## <ul> +## <li>the device directories containing device nodes</li> +## <li>device nodes as a group</li> +## <li>individual access to specific device nodes covered by +## this module.</li> +## </ul> +## </p> ## </desc> ######################################## -## <interface name="dev_node"> -## <summary> -## Make the passed in type a type appropriate for -## use on device nodes (usually files in /dev). -## </summary> -## <param name="object_type"> -## The object type that will be used on device nodes. 
-## </param> -## </interface> +## <summary> +## Make the passed in type a type appropriate for +## use on device nodes (usually files in /dev). +## </summary> +## <param name="object_type"> +## The object type that will be used on device nodes. +## </param> # interface(`dev_node',` gen_require(` @@ -51,14 +48,12 @@ interface(`dev_node',` ') ######################################## -## <interface name="dev_relabel_all_dev_nodes"> -## <summary> -## Allow full relabeling (to and from) of all device nodes. -## </summary> -## <param name="domain"> -## Domain allowed to relabel. -## </param> -## </interface> +## <summary> +## Allow full relabeling (to and from) of all device nodes. +## </summary> +## <param name="domain"> +## Domain allowed to relabel. +## </param> # interface(`dev_relabel_all_dev_nodes',` gen_require(` @@ -83,14 +78,12 @@ interface(`dev_relabel_all_dev_nodes',` ') ######################################## -## <interface name="dev_list_all_dev_nodes"> -## <summary> -## List all of the device nodes in a device directory. -## </summary> -## <param name="domain"> -## Domain allowed to list device nodes. -## </param> -## </interface> +## <summary> +## List all of the device nodes in a device directory. +## </summary> +## <param name="domain"> +## Domain allowed to list device nodes. +## </param> # interface(`dev_list_all_dev_nodes',` gen_require(` @@ -104,14 +97,12 @@ interface(`dev_list_all_dev_nodes',` ') ######################################## -## <interface name="dev_dontaudit_list_all_dev_nodes"> -## <summary> -## Dontaudit attempts to list all device nodes. -## </summary> -## <param name="domain"> -## Domain to dontaudit listing of device nodes. -## </param> -## </interface> +## <summary> +## Dontaudit attempts to list all device nodes. +## </summary> +## <param name="domain"> +## Domain to dontaudit listing of device nodes. +## </param> # interface(`dev_dontaudit_list_all_dev_nodes',` gen_require(` 
@@ -123,14 +114,12 @@ interface(`dev_dontaudit_list_all_dev_nodes',` ') ######################################## -## <interface name="dev_create_dir"> -## <summary> -## Create a directory in the device directory. -## </summary> -## <param name="domain"> -## Domain allowed to create the directory. -## </param> -## </interface> +## <summary> +## Create a directory in the device directory. +## </summary> +## <param name="domain"> +## Domain allowed to create the directory. +## </param> # interface(`dev_create_dir',` gen_require(` @@ -142,14 +131,12 @@ interface(`dev_create_dir',` ') ######################################## -## <interface name="dev_relabel_dev_dirs"> -## <summary> -## Allow full relabeling (to and from) of directories in /dev. -## </summary> -## <param name="domain"> -## Domain allowed to relabel. -## </param> -## </interface> +## <summary> +## Allow full relabeling (to and from) of directories in /dev. +## </summary> +## <param name="domain"> +## Domain allowed to relabel. +## </param> # interface(`dev_relabel_dev_dirs',` gen_require(` @@ -161,14 +148,12 @@ interface(`dev_relabel_dev_dirs',` ') ######################################## -## <interface name="dev_dontaudit_getattr_generic_pipe"> -## <summary> -## Dontaudit getattr on generic pipes. -## </summary> -## <param name="domain"> -## Domain to dontaudit. -## </param> -## </interface> +## <summary> +## Dontaudit getattr on generic pipes. +## </summary> +## <param name="domain"> +## Domain to dontaudit. +## </param> # interface(`dev_dontaudit_getattr_generic_pipe',` gen_require(` 
@@ -180,14 +165,12 @@ interface(`dev_dontaudit_getattr_generic_pipe',` ') ######################################## -## <interface name="dev_getattr_generic_blk_file"> -## <summary> -## Allow getattr on generic block devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Allow getattr on generic block devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_generic_blk_file',` gen_require(` @@ -201,14 +184,12 @@ interface(`dev_getattr_generic_blk_file',` ') ######################################## -## <interface name="dev_dontaudit_getattr_generic_blk_file"> -## <summary> -## Dontaudit getattr on generic block devices. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit getattr on generic block devices. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_getattr_generic_blk_file',` gen_require(` @@ -220,14 +201,12 @@ interface(`dev_dontaudit_getattr_generic_blk_file',` ') ######################################## -## <interface name="dev_dontaudit_setattr_generic_blk_file"> -## <summary> -## Dontaudit setattr on generic block devices. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit setattr on generic block devices. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_setattr_generic_blk_file',` gen_require(` 
@@ -239,15 +218,13 @@ interface(`dev_dontaudit_setattr_generic_blk_file',` ') ######################################## -## <interface name="dev_manage_generic_blk_file"> -## <summary> -## Allow read, write, create, and delete for generic -## block files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Allow read, write, create, and delete for generic +## block files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_generic_blk_file',` gen_require(` @@ -260,14 +237,12 @@ interface(`dev_manage_generic_blk_file',` ') ######################################## -## <interface name="dev_create_generic_chr_file"> -## <summary> -## Allow read, write, and create for generic character device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Allow read, write, and create for generic character device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_create_generic_chr_file',` gen_require(` @@ -284,14 +259,12 @@ interface(`dev_create_generic_chr_file',` ') ######################################## -## <interface name="dev_getattr_generic_chr_file"> -## <summary> -## Allow getattr for generic character device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Allow getattr for generic character device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_generic_chr_file',` gen_require(` 
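Review bot: The `@@ -239,15 +218,13 @@` hunk documents an interface named `dev_manage_generic_blk_file`, and the later `@@ -443,14 +404,12 @@` hunk documents a second interface with the same name and a differently worded summary. With the `<interface name="...">` wrapper removed, each comment block is presumably tied to the `interface()` line that follows it, so it is unclear which summary and which rule set a caller ends up with. One of the two definitions should be dropped or renamed. Both bodies lie outside the hunks, so which one is intended has to be checked in the file.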
@@ -305,14 +278,12 @@ interface(`dev_getattr_generic_chr_file',` ') ######################################## -## <interface name="dev_dontaudit_getattr_generic_chr_file"> -## <summary> -## Dontaudit getattr for generic character device files. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit getattr for generic character device files. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_getattr_generic_chr_file',` gen_require(` @@ -324,14 +295,12 @@ interface(`dev_dontaudit_getattr_generic_chr_file',` ') ######################################## -## <interface name="dev_dontaudit_setattr_generic_chr_file"> -## <summary> -## Dontaudit setattr for generic character device files. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit setattr for generic character device files. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_setattr_generic_chr_file',` gen_require(` @@ -343,14 +312,12 @@ interface(`dev_dontaudit_setattr_generic_chr_file',` ') ######################################## -## <interface name="dev_del_generic_symlinks"> -## <summary> -## Delete symbolic links in device directories. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Delete symbolic links in device directories. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_del_generic_symlinks',` gen_require(` 
@@ -364,14 +331,12 @@ interface(`dev_del_generic_symlinks',` ') ######################################## -## <interface name="dev_manage_generic_symlinks"> -## <summary> -## Create, delete, read, and write symbolic links in device directories. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Create, delete, read, and write symbolic links in device directories. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_generic_symlinks',` gen_require(` @@ -385,14 +350,12 @@ interface(`dev_manage_generic_symlinks',` ') ######################################## -## <interface name="dev_manage_dev_nodes"> -## <summary> -## Create, delete, read, and write device nodes in device directories. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Create, delete, read, and write device nodes in device directories. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_dev_nodes',` gen_require(` @@ -423,14 +386,12 @@ interface(`dev_manage_dev_nodes',` ') ######################################## -## <interface name="dev_dontaudit_rw_generic_dev_nodes"> -## <summary> -## Dontaudit getattr for generic device files. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit getattr for generic device files. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_rw_generic_dev_nodes',` gen_require(` 
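Review bot: In the `@@ -423,14 +386,12 @@` hunk, the summary kept for `dev_dontaudit_rw_generic_dev_nodes` reads "Dontaudit getattr for generic device files.", which does not match the `rw` in the interface name. If the body, which is outside the hunk, suppresses read and write denials, the line should be `## Dontaudit read and write for generic device files.`. The difference matters because a dontaudit rule hides denials from the audit log, and the summary is what a reviewer reads to judge how much is being silenced.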
@@ -443,14 +404,12 @@ interface(`dev_dontaudit_rw_generic_dev_nodes',` ') ######################################## -## <interface name="dev_manage_generic_blk_file"> -## <summary> -## Create, delete, read, and write block device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Create, delete, read, and write block device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_generic_blk_file',` gen_require(` @@ -464,14 +423,12 @@ interface(`dev_manage_generic_blk_file',` ') ######################################## -## <interface name="dev_manage_generic_chr_file"> -## <summary> -## Create, delete, read, and write character device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Create, delete, read, and write character device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_generic_chr_file',` gen_require(` 
@@ -485,22 +442,20 @@ interface(`dev_manage_generic_chr_file',` ') ######################################## -## <interface name="dev_create_dev_node"> -## <summary> -## Create, read, and write device nodes. The node -## will be transitioned to the type provided. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## <param name="file"> -## Type to which the created node will be transitioned. -## </param> -## <param name="objectclass(es)"> -## Object class(es) (single or set including {}) for which this -## the transition will occur. -## </param> -## </interface> +## <summary> +## Create, read, and write device nodes. The node +## will be transitioned to the type provided. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> +## <param name="file"> +## Type to which the created node will be transitioned. +## </param> +## <param name="objectclass(es)"> +## Object class(es) (single or set including {}) for which this +## the transition will occur. +## </param> # interface(`dev_create_dev_node',` gen_require(` @@ -517,14 +472,12 @@ interface(`dev_create_dev_node',` ') ######################################## -## <interface name="dev_getattr_all_blk_files"> -## <summary> -## Getattr on all block file device nodes. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Getattr on all block file device nodes. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_all_blk_files',` gen_require(` 
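Review bot: In the `@@ -485,22 +442,20 @@` hunk, the third `<param>` description of `dev_create_dev_node` is re-added with a stray word: "for which this the transition will occur". It should read `## Object class(es) (single or set including {}) for which` followed by `## the transition will occur.`. The parameter name `objectclass(es)` is also not a plain identifier like the other two (`domain`, `file`); a name such as `object_class` would be easier for documentation tooling to handle, if nothing else depends on the current spelling.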
@@ -538,14 +491,12 @@ interface(`dev_getattr_all_blk_files',` ') ######################################## -## <interface name="dev_dontaudit_getattr_all_blk_files"> -## <summary> -## Dontaudit getattr on all block file device nodes. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit getattr on all block file device nodes. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_getattr_all_blk_files',` gen_require(` @@ -557,14 +508,12 @@ interface(`dev_dontaudit_getattr_all_blk_files',` ') ######################################## -## <interface name="dev_getattr_all_chr_files"> -## <summary> -## Getattr on all character file device nodes. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Getattr on all character file device nodes. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_all_chr_files',` gen_require(` @@ -578,14 +527,12 @@ interface(`dev_getattr_all_chr_files',` ') ######################################## -## <interface name="dev_dontaudit_getattr_all_chr_files"> -## <summary> -## Dontaudit getattr on all character file device nodes. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit getattr on all character file device nodes. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_getattr_all_chr_files',` gen_require(` 
@@ -597,14 +544,12 @@ interface(`dev_dontaudit_getattr_all_chr_files',` ') ######################################## -## <interface name="dev_setattr_all_blk_files"> -## <summary> -## Setattr on all block file device nodes. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Setattr on all block file device nodes. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_all_blk_files',` gen_require(` @@ -618,14 +563,12 @@ interface(`dev_setattr_all_blk_files',` ') ######################################## -## <interface name="dev_setattr_all_chr_files"> -## <summary> -## Setattr on all character file device nodes. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Setattr on all character file device nodes. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_all_chr_files',` gen_require(` @@ -639,14 +582,12 @@ interface(`dev_setattr_all_chr_files',` ') ######################################## -## <interface name="dev_manage_all_blk_files"> -## <summary> -## Read, write, create, and delete all block device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read, write, create, and delete all block device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_all_blk_files',` gen_require(` 
@@ -666,14 +607,12 @@ interface(`dev_manage_all_blk_files',` ') ######################################## -## <interface name="dev_manage_all_chr_files"> -## <summary> -## Read, write, create, and delete all character device files. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read, write, create, and delete all character device files. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_manage_all_chr_files',` gen_require(` @@ -689,14 +628,12 @@ interface(`dev_manage_all_chr_files',` ') ######################################## -## <interface name="dev_read_raw_memory"> -## <summary> -## Read raw memory devices (e.g. /dev/mem). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read raw memory devices (e.g. /dev/mem). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_raw_memory',` gen_require(` @@ -715,14 +652,12 @@ interface(`dev_read_raw_memory',` ') ######################################## -## <interface name="dev_write_raw_memory"> -## <summary> -## Write raw memory devices (e.g. /dev/mem). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write raw memory devices (e.g. /dev/mem). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_raw_memory',` gen_require(` 
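Review bot: The summaries re-added for `dev_read_raw_memory` (`@@ -689,14 +628,12 @@`) and `dev_write_raw_memory` (`@@ -715,14 +652,12 @@`) describe the access but give no hint of how sensitive it is. The same applies to `dev_rx_raw_memory` and `dev_wx_raw_memory` in the `@@ -741,14 +676,12 @@` and `@@ -761,14 +694,12 @@` hunks. A domain with access to /dev/mem can reach the contents of physical memory, which in practice bypasses the rest of the policy. I would add one line to each summary, for example `## This exposes physical memory; grant it only to highly trusted domains.`. The interface bodies are outside the hunks.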
@@ -741,14 +676,12 @@ interface(`dev_write_raw_memory',` ') ######################################## -## <interface name="dev_rx_raw_memory"> -## <summary> -## Read and execute raw memory devices (e.g. /dev/mem). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and execute raw memory devices (e.g. /dev/mem). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rx_raw_memory',` gen_require(` @@ -761,14 +694,12 @@ interface(`dev_rx_raw_memory',` ') ######################################## -## <interface name="dev_wx_raw_memory"> -## <summary> -## Write and execute raw memory devices (e.g. /dev/mem). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write and execute raw memory devices (e.g. /dev/mem). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_wx_raw_memory',` gen_require(` @@ -781,14 +712,12 @@ interface(`dev_wx_raw_memory',` ') ######################################## -## <interface name="dev_read_rand"> -## <summary> -## Read from random devices (e.g., /dev/random) -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read from random devices (e.g., /dev/random) +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_rand',` gen_require(` 
@@ -802,14 +731,12 @@ interface(`dev_read_rand',` ') ######################################## -## <interface name="dev_read_urand"> -## <summary> -## Read from pseudo random devices (e.g., /dev/urandom) -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read from pseudo random devices (e.g., /dev/urandom) +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_urand',` gen_require(` @@ -823,16 +750,14 @@ interface(`dev_read_urand',` ') ######################################## -## <interface name="dev_write_rand"> -## <summary> -## Write to the random device (e.g., /dev/random). This adds -## entropy used to generate the random data read from the -## random device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write to the random device (e.g., /dev/random). This adds +## entropy used to generate the random data read from the +## random device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_rand',` gen_require(` @@ -846,15 +771,13 @@ interface(`dev_write_rand',` ') ######################################## -## <interface name="dev_write_urand"> -## <summary> -## Write to the pseudo random device (e.g., /dev/urandom). This -## sets the random number generator seed. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write to the pseudo random device (e.g., /dev/urandom). This +## sets the random number generator seed. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_urand',` gen_require(` 
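Review bot: The summaries re-added in the `@@ -823,16 +750,14 @@` (`dev_write_rand`) and `@@ -846,15 +771,13 @@` (`dev_write_urand`) hunks overstate what a write does. On Linux, data written to /dev/random or /dev/urandom is mixed into the pool but is not credited as entropy, and it does not replace the generator's seed. Suggested wording for the second sentence of both summaries: `## The data written is mixed into the entropy pool; it does not raise the entropy estimate.`. Accurate wording matters here because policy authors use these summaries to decide whether a domain can be trusted with write access to the random devices.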
@@ -868,14 +791,12 @@ interface(`dev_write_urand',` ') ######################################## -## <interface name="dev_rw_null_dev"> -## <summary> -## Read and write to the null device (/dev/null). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write to the null device (/dev/null). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_null_dev',` gen_require(` @@ -889,14 +810,12 @@ interface(`dev_rw_null_dev',` ') ######################################## -## <interface name="dev_rw_zero_dev"> -## <summary> -## Read and write to the zero device (/dev/zero). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write to the zero device (/dev/zero). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_zero_dev',` gen_require(` @@ -910,14 +829,12 @@ interface(`dev_rw_zero_dev',` ') ######################################## -## <interface name="dev_rwx_zero_dev"> -## <summary> -## Read, write, and execute the zero device (/dev/zero). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read, write, and execute the zero device (/dev/zero). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rwx_zero_dev',` gen_require(` @@ -930,14 +847,12 @@ interface(`dev_rwx_zero_dev',` ') ######################################## -## <interface name="dev_read_realtime_clock"> -## <summary> -## Read the realtime clock (/dev/rtc). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the realtime clock (/dev/rtc). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_realtime_clock',` gen_require(` 
@@ -951,14 +866,12 @@ interface(`dev_read_realtime_clock',` ') ######################################## -## <interface name="dev_write_realtime_clock"> -## <summary> -## Read the realtime clock (/dev/rtc). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the realtime clock (/dev/rtc). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_realtime_clock',` gen_require(` @@ -972,14 +885,12 @@ interface(`dev_write_realtime_clock',` ') ######################################## -## <interface name="dev_rw_realtime_clock"> -## <summary> -## Read the realtime clock (/dev/rtc). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the realtime clock (/dev/rtc). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_realtime_clock',` dev_read_realtime_clock($1) @@ -987,14 +898,12 @@ interface(`dev_rw_realtime_clock',` ') ######################################## -## <interface name="dev_getattr_snd_dev"> -## <summary> -## Get the attributes of the sound devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of the sound devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_snd_dev',` gen_require(` @@ -1008,14 +917,12 @@ interface(`dev_getattr_snd_dev',` ') ######################################## -## <interface name="dev_setattr_snd_dev"> -## <summary> -## Set the attributes of the sound devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of the sound devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_snd_dev',` gen_require(` 
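Review bot: The summaries kept for `dev_write_realtime_clock` (`@@ -951,14 +866,12 @@`) and `dev_rw_realtime_clock` (`@@ -972,14 +885,12 @@`) both still say "Read the realtime clock (/dev/rtc).", copied from `dev_read_realtime_clock`. They should be `## Write the realtime clock (/dev/rtc).` and `## Read and write the realtime clock (/dev/rtc).` respectively. As written, the generated documentation makes an interface that allows changing the hardware clock look read-only. The `dev_rw_realtime_clock` hunk shows only the `dev_read_realtime_clock($1)` call, and the rest of both bodies is outside the hunks, so confirm the granted permissions there.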
@@ -1029,14 +936,12 @@ interface(`dev_setattr_snd_dev',` ') ######################################## -## <interface name="dev_read_snd_dev"> -## <summary> -## Read the sound devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the sound devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_snd_dev',` gen_require(` @@ -1050,14 +955,12 @@ interface(`dev_read_snd_dev',` ') ######################################## -## <interface name="dev_write_snd_dev"> -## <summary> -## Write the sound devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write the sound devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_snd_dev',` gen_require(` @@ -1071,14 +974,12 @@ interface(`dev_write_snd_dev',` ') ######################################## -## <interface name="dev_read_snd_mixer_dev"> -## <summary> -## Read the sound mixer devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the sound mixer devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_snd_mixer_dev',` gen_require(` @@ -1092,14 +993,12 @@ interface(`dev_read_snd_mixer_dev',` ') ######################################## -## <interface name="dev_write_snd_mixer_dev"> -## <summary> -## Write the sound mixer devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write the sound mixer devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_snd_mixer_dev',` gen_require(` 
@@ -1113,14 +1012,12 @@ interface(`dev_write_snd_mixer_dev',` ') ######################################## -## <interface name="dev_rw_agp_dev"> -## <summary> -## Read and write the agp devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the agp devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_agp_dev',` gen_require(` @@ -1134,14 +1031,12 @@ interface(`dev_rw_agp_dev',` ') ######################################## -## <interface name="dev_getattr_agp_dev"> -## <summary> -## Getattr the agp devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Getattr the agp devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_agp_dev',` gen_require(` @@ -1155,14 +1050,12 @@ interface(`dev_getattr_agp_dev',` ') ######################################## -## <interface name="dev_rw_dri_dev"> -## <summary> -## Read and write the dri devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the dri devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_dri_dev',` gen_require(` @@ -1176,14 +1069,12 @@ interface(`dev_rw_dri_dev',` ') ######################################## -## <interface name="dev_dontaudit_rw_dri_dev"> -## <summary> -## Dontaudit read and write on the dri devices. -## </summary> -## <param name="domain"> -## Domain to dontaudit access. -## </param> -## </interface> +## <summary> +## Dontaudit read and write on the dri devices. +## </summary> +## <param name="domain"> +## Domain to dontaudit access. +## </param> # interface(`dev_dontaudit_rw_dri_dev',` gen_require(` 
@@ -1195,14 +1086,12 @@ interface(`dev_dontaudit_rw_dri_dev',` ') ######################################## -## <interface name="dev_read_mtrr"> -## <summary> -## Read the mtrr device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the mtrr device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_mtrr',` gen_require(` @@ -1216,14 +1105,12 @@ interface(`dev_read_mtrr',` ') ######################################## -## <interface name="dev_write_mtrr"> -## <summary> -## Write the mtrr device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write the mtrr device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_mtrr',` gen_require(` @@ -1237,14 +1124,12 @@ interface(`dev_write_mtrr',` ') ######################################## -## <interface name="dev_getattr_framebuffer"> -## <summary> -## Get the attributes of the framebuffer device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of the framebuffer device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_framebuffer',` gen_require(` @@ -1258,14 +1143,12 @@ interface(`dev_getattr_framebuffer',` ') ######################################## -## <interface name="dev_setattr_framebuffer"> -## <summary> -## Set the attributes of the framebuffer device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of the framebuffer device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_framebuffer',` gen_require(` 
@@ -1279,14 +1162,12 @@ interface(`dev_setattr_framebuffer',` ') ######################################## -## <interface name="dev_read_framebuffer"> -## <summary> -## Read the framebuffer device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the framebuffer device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_framebuffer',` gen_require(` @@ -1300,14 +1181,12 @@ interface(`dev_read_framebuffer',` ') ######################################## -## <interface name="dev_write_framebuffer"> -## <summary> -## Write the framebuffer device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write the framebuffer device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_framebuffer',` gen_require(` @@ -1321,14 +1200,12 @@ interface(`dev_write_framebuffer',` ') ######################################## -## <interface name="dev_read_lvm_control"> -## <summary> -## Read the lvm comtrol device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the lvm comtrol device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_lvm_control',` gen_require(` @@ -1342,14 +1219,12 @@ interface(`dev_read_lvm_control',` ') ######################################## -## <interface name="dev_rw_lvm_control"> -## <summary> -## Read and write the lvm control device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the lvm control device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_lvm_control',` gen_require(` 
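Review bot: The summary for `dev_read_lvm_control` carries the typo "comtrol" over to the new side; `## Read the lvm control device.` would match the wording of `dev_rw_lvm_control` in the next hunk. The same kind of slip, a doubled "the the", is re-added in the summaries of `dev_rw_cpu_microcode`, `dev_getattr_power_management`, `dev_setattr_power_management` and `dev_rw_power_management` further down. These comments look like input to generated interface documentation, and every one of these lines is already being rewritten, so this is a cheap place to correct them.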
@@ -1363,14 +1238,12 @@ interface(`dev_rw_lvm_control',` ') ######################################## -## <interface name="dev_delete_lvm_control"> -## <summary> -## Delete the lvm control device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Delete the lvm control device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_delete_lvm_control',` gen_require(` @@ -1384,14 +1257,12 @@ interface(`dev_delete_lvm_control',` ') ######################################## -## <interface name="dev_getattr_misc"> -## <summary> -## Get the attributes of miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_misc',` gen_require(` @@ -1405,15 +1276,13 @@ interface(`dev_getattr_misc',` ') ######################################## -## <interface name="dev_dontaudit_getattr_misc"> -## <summary> -## Do not audit attempts to get the attributes -## of miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Do not audit attempts to get the attributes +## of miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_dontaudit_getattr_misc',` gen_require(` 
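Review bot: The `<param>` text re-added for `dev_dontaudit_getattr_misc` says "Domain allowed access.", but the summary says the interface suppresses auditing rather than granting access. The `dev_dontaudit_setattr_misc` hunk further down repeats this. The scanner dontaudit interfaces later in this diff use `## Domain to not audit.`, which is accurate and tells a policy reviewer that denials for this domain will stop appearing in the audit log. The interface bodies are outside the hunks, so this rests on the names and summaries only.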
@@ -1425,14 +1294,12 @@ interface(`dev_dontaudit_getattr_misc',` ') ######################################## -## <interface name="dev_setattr_misc"> -## <summary> -## Set the attributes of miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_misc',` gen_require(` @@ -1446,15 +1313,13 @@ interface(`dev_setattr_misc',` ') ######################################## -## <interface name="dev_dontaudit_setattr_misc"> -## <summary> -## Do not audit attempts to set the attributes -## of miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Do not audit attempts to set the attributes +## of miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_dontaudit_setattr_misc',` gen_require(` @@ -1466,14 +1331,12 @@ interface(`dev_dontaudit_setattr_misc',` ') ######################################## -## <interface name="dev_read_misc"> -## <summary> -## Read miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_misc',` gen_require(` @@ -1487,14 +1350,12 @@ interface(`dev_read_misc',` ') ######################################## -## <interface name="dev_write_misc"> -## <summary> -## Write miscellaneous devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Write miscellaneous devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_write_misc',` gen_require(` 
@@ -1508,14 +1369,12 @@ interface(`dev_write_misc',` ') ######################################## -## <interface name="dev_getattr_mouse"> -## <summary> -## Get the attributes of the mouse devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of the mouse devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_mouse',` gen_require(` @@ -1529,14 +1388,12 @@ interface(`dev_getattr_mouse',` ') ######################################## -## <interface name="dev_setattr_mouse"> -## <summary> -## Set the attributes of the mouse devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of the mouse devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_mouse',` gen_require(` @@ -1550,14 +1407,12 @@ interface(`dev_setattr_mouse',` ') ######################################## -## <interface name="dev_read_mouse"> -## <summary> -## Read the mouse devices. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the mouse devices. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_mouse',` gen_require(` @@ -1571,14 +1426,12 @@ interface(`dev_read_mouse',` ') ######################################## -## <interface name="dev_read_input"> -## <summary> -## Read the multiplexed input device (/dev/input). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the multiplexed input device (/dev/input). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_input',` gen_require(` 
@@ -1592,14 +1445,12 @@ interface(`dev_read_input',` ') ######################################## -## <interface name="dev_read_cpuid"> -## <summary> -## Read the multiplexed input device (/dev/input). -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read the multiplexed input device (/dev/input). +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_read_cpuid',` gen_require(` @@ -1613,15 +1464,13 @@ interface(`dev_read_cpuid',` ') ######################################## -## <interface name="dev_rw_cpu_microcode"> -## <summary> -## Read and write the the cpu microcode device. This -## is required to load cpu microcode. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the the cpu microcode device. This +## is required to load cpu microcode. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_cpu_microcode',` gen_require(` @@ -1635,14 +1484,12 @@ interface(`dev_rw_cpu_microcode',` ') ######################################## -## <interface name="dev_getattr_scanner"> -## <summary> -## Get the attributes of the scanner device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of the scanner device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_scanner',` gen_require(` 
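Review bot: The summary re-added for `dev_read_cpuid` is a copy of the `dev_read_input` text, "Read the multiplexed input device (/dev/input).", so the documentation for the cpuid interface describes a different device. Something like `## Read the cpuid device.` would match the interface name. The body of `dev_read_cpuid` lies outside the hunk, so the type it actually grants access to should be checked before settling the wording.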
@@ -1656,15 +1503,13 @@ interface(`dev_getattr_scanner',` ') ######################################## -## <interface name="dev_dontaudit_getattr_scanner"> -## <summary> -## Do not audit attempts to get the attributes of -## the scanner device. -## </summary> -## <param name="domain"> -## Domain to not audit. -## </param> -## </interface> +## <summary> +## Do not audit attempts to get the attributes of +## the scanner device. +## </summary> +## <param name="domain"> +## Domain to not audit. +## </param> # interface(`dev_dontaudit_getattr_scanner',` gen_require(` @@ -1676,14 +1521,12 @@ interface(`dev_dontaudit_getattr_scanner',` ') ######################################## -## <interface name="dev_setattr_scanner"> -## <summary> -## Set the attributes of the scanner device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of the scanner device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_scanner',` gen_require(` @@ -1697,15 +1540,13 @@ interface(`dev_setattr_scanner',` ') ######################################## -## <interface name="dev_dontaudit_setattr_scanner"> -## <summary> -## Do not audit attempts to set the attributes of -## the scanner device. -## </summary> -## <param name="domain"> -## Domain to not audit. -## </param> -## </interface> +## <summary> +## Do not audit attempts to set the attributes of +## the scanner device. +## </summary> +## <param name="domain"> +## Domain to not audit. +## </param> # interface(`dev_dontaudit_setattr_scanner',` gen_require(` 
@@ -1717,14 +1558,12 @@ interface(`dev_dontaudit_setattr_scanner',` ') ######################################## -## <interface name="dev_rw_scanner"> -## <summary> -## Read and write the scanner device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the scanner device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_scanner',` gen_require(` @@ -1738,14 +1577,12 @@ interface(`dev_rw_scanner',` ') ######################################## -## <interface name="dev_getattr_power_management"> -## <summary> -## Get the attributes of the the power management device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Get the attributes of the the power management device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_getattr_power_management',` gen_require(` @@ -1759,14 +1596,12 @@ interface(`dev_getattr_power_management',` ') ######################################## -## <interface name="dev_setattr_power_management"> -## <summary> -## Set the attributes of the the power management device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Set the attributes of the the power management device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_setattr_power_management',` gen_require(` 
@@ -1780,14 +1615,12 @@ interface(`dev_setattr_power_management',` ') ######################################## -## <interface name="dev_rw_power_management"> -## <summary> -## Read and write the the power management device. -## </summary> -## <param name="domain"> -## Domain allowed access. -## </param> -## </interface> +## <summary> +## Read and write the the power management device. +## </summary> +## <param name="domain"> +## Domain allowed access. +## </param> # interface(`dev_rw_power_management',` gen_require(` @@ -1801,14 +1634,12 @@ interface(`dev_rw_power_management',` ') ######################################## -## <interface name="dev_getattr_sysfs_dir"> -## <summary> -## Get the attributes of sysfs directories. -## </summary> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <summary> +## Get the attributes of sysfs directories. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dev_getattr_sysfs_dir',` gen_require(` @@ -1820,14 +1651,12 @@ interface(`dev_getattr_sysfs_dir',` ') ######################################## -## <interface name="dev_search_sysfs"> -## <summary> -## Search the directory containing hardware information. -## </summary> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <summary> +## Search the directory containing hardware information. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dev_search_sysfs',` gen_require(` 
@@ -1839,14 +1668,12 @@ interface(`dev_search_sysfs',` ') ######################################## -## <interface name="dev_read_sysfs"> -## <summary> -## Allow caller to read hardware state information. -## </summary> -## <param name="domain"> -## The process type reading hardware state information. -## </param> -## </interface> +## <summary> +## Allow caller to read hardware state information. +## </summary> +## <param name="domain"> +## The process type reading hardware state information. +## </param> # interface(`dev_read_sysfs',` gen_require(` @@ -1861,14 +1688,12 @@ interface(`dev_read_sysfs',` ') ######################################## -## <interface name="dev_rw_sysfs"> -## <summary> -## Allow caller to modify hardware state information. -## </summary> -## <param name="domain"> -## The process type modifying hardware state information. -## </param> -## </interface> +## <summary> +## Allow caller to modify hardware state information. +## </summary> +## <param name="domain"> +## The process type modifying hardware state information. +## </param> # interface(`dev_rw_sysfs',` gen_require(` @@ -1884,14 +1709,12 @@ interface(`dev_rw_sysfs',` ') ######################################## -## <interface name="dev_search_usbfs"> -## <summary> -## Search the directory containing USB hardware information. -## </summary> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <summary> +## Search the directory containing USB hardware information. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dev_search_usbfs',` gen_require(` 
@@ -1903,14 +1726,12 @@ interface(`dev_search_usbfs',` ') ######################################## -## <interface name="dev_list_usbfs"> -## <summary> -## Allow caller to get a list of usb hardware. -## </summary> -## <param name="domain"> -## The process type getting the list. -## </param> -## </interface> +## <summary> +## Allow caller to get a list of usb hardware. +## </summary> +## <param name="domain"> +## The process type getting the list. +## </param> # interface(`dev_list_usbfs',` gen_require(` @@ -1926,15 +1747,13 @@ interface(`dev_list_usbfs',` ') ######################################## -## <interface name="dev_read_usbfs"> -## <summary> -## Read USB hardware information using -## the usbfs filesystem interface. -## </summary> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <summary> +## Read USB hardware information using +## the usbfs filesystem interface. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`dev_read_usbfs',` gen_require(` @@ -1949,14 +1768,12 @@ interface(`dev_read_usbfs',` ') ######################################## -## <interface name="dev_rw_usbfs"> -## <summary> -## Allow caller to modify usb hardware configuration files. -## </summary> -## <param name="domain"> -## The process type modifying the options. -## </param> -## </interface> +## <summary> +## Allow caller to modify usb hardware configuration files. +## </summary> +## <param name="domain"> +## The process type modifying the options. +## </param> # interface(`dev_rw_usbfs',` gen_require(` 
@@ -1972,14 +1789,12 @@ interface(`dev_rw_usbfs',` ') ######################################## -## <interface name="dev_getattr_video_dev"> -## <summary> -## Get the attributes of video4linux devices. -## </summary> -## <param name="domain"> -## The process type modifying the options. -## </param> -## </interface> +## <summary> +## Get the attributes of video4linux devices. +## </summary> +## <param name="domain"> +## The process type modifying the options. +## </param> # interface(`dev_getattr_video_dev',` gen_require(` @@ -1993,14 +1808,12 @@ interface(`dev_getattr_video_dev',` ') ######################################## -## <interface name="dev_setattr_video_dev"> -## <summary> -## Set the attributes of video4linux devices. -## </summary> -## <param name="domain"> -## The process type modifying the options. -## </param> -## </interface> +## <summary> +## Set the attributes of video4linux devices. +## </summary> +## <param name="domain"> +## The process type modifying the options. +## </param> # interface(`dev_setattr_video_dev',` gen_require(` @@ -2013,4 +1826,3 @@ interface(`dev_setattr_video_dev',` allow $1 v4l_device_t:chr_file setattr; ') -## </module> diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if index 0261476..8e1e7d3 100644 --- a/refpolicy/policy/modules/kernel/filesystem.if +++ b/refpolicy/policy/modules/kernel/filesystem.if @@ -1,15 +1,12 @@ -## <module name="filesystem"> ## <summary>Policy for filesystems.</summary> ######################################## -## <interface name="fs_make_fs"> -## <desc> -## Transform specified type into a filesystem type. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Transform specified type into a filesystem type. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_make_fs',` gen_require(` 
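Review bot: The `<param>` description re-added for `dev_getattr_video_dev` and `dev_setattr_video_dev` reads "The process type modifying the options.", which looks copied from `dev_rw_usbfs` and describes neither a getattr nor a setattr on video4linux devices. The wording used by most interfaces in this file, `## Domain allowed access.`, fits both. Only the last rule of `dev_setattr_video_dev` is visible as context; the rest of both bodies is outside the hunks.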
@@ -20,16 +17,14 @@ interface(`fs_make_fs',` ') ######################################## -## <interface name="fs_make_noxattr_fs"> -## <desc> -## Transform specified type into a filesystem -## type which does not have extended attribute -## support. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Transform specified type into a filesystem +## type which does not have extended attribute +## support. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_make_noxattr_fs',` gen_require(` @@ -42,17 +37,15 @@ interface(`fs_make_noxattr_fs',` ') ######################################## -## <interface name="fs_associate"> -## <desc> -## Associate the specified file type to persistent -## filesystems with extended attributes. This -## allows a file of this type to be created on -## a filesystem such as ext3, JFS, and XFS. -## </desc> -## <param name="file_type"> -## The type of the to be associated. -## </param> -## </interface> +## <desc> +## Associate the specified file type to persistent +## filesystems with extended attributes. This +## allows a file of this type to be created on +## a filesystem such as ext3, JFS, and XFS. +## </desc> +## <param name="file_type"> +## The type of the to be associated. +## </param> # interface(`fs_associate',` gen_require(` 
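Review bot: The `<param name="file_type">` description re-added for `fs_associate` reads "The type of the to be associated.", which is missing its noun. The `fs_associate_noxattr` hunk that follows has the same sentence. Given the parameter name, `## The type of the file to be associated.` is presumably what was meant. It matters slightly more than a typo because this line is the only description of what the caller must pass.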
@@ -64,18 +57,16 @@ interface(`fs_associate',` ') ######################################## -## <interface name="fs_associate_noxattr"> -## <desc> -## Associate the specified file type to -## filesystems which lack extended attributes -## support. This allows a file of this type -## to be created on a filesystem such as -## FAT32, and NFS. -## </desc> -## <param name="file_type"> -## The type of the to be associated. -## </param> -## </interface> +## <desc> +## Associate the specified file type to +## filesystems which lack extended attributes +## support. This allows a file of this type +## to be created on a filesystem such as +## FAT32, and NFS. +## </desc> +## <param name="file_type"> +## The type of the to be associated. +## </param> # interface(`fs_associate_noxattr',` gen_require(` @@ -87,16 +78,14 @@ interface(`fs_associate_noxattr',` ') ######################################## -## <interface name="fs_mount_xattr_fs"> -## <desc> -## Mount a persistent filesystem which -## has extended attributes, such as -## ext3, JFS, or XFS. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a persistent filesystem which +## has extended attributes, such as +## ext3, JFS, or XFS. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_xattr_fs',` gen_require(` 
@@ -108,17 +97,15 @@ interface(`fs_mount_xattr_fs',` ') ######################################## -## <interface name="fs_remount_xattr_fs"> -## <desc> -## Remount a persistent filesystem which -## has extended attributes, such as -## ext3, JFS, or XFS. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a persistent filesystem which +## has extended attributes, such as +## ext3, JFS, or XFS. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_xattr_fs',` gen_require(` @@ -130,16 +117,14 @@ interface(`fs_remount_xattr_fs',` ') ######################################## -## <interface name="fs_unmount_xattr_fs"> -## <desc> -## Unmount a persistent filesystem which -## has extended attributes, such as -## ext3, JFS, or XFS. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a persistent filesystem which +## has extended attributes, such as +## ext3, JFS, or XFS. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_xattr_fs',` gen_require(` 
@@ -151,17 +136,15 @@ interface(`fs_unmount_xattr_fs',` ') ######################################## -## <interface name="fs_getattr_xattr_fs"> -## <desc> -## Get the attributes of a persistent -## filesystem which has extended -## attributes, such as ext3, JFS, or XFS. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a persistent +## filesystem which has extended +## attributes, such as ext3, JFS, or XFS. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_xattr_fs',` gen_require(` @@ -173,17 +156,15 @@ interface(`fs_getattr_xattr_fs',` ') ######################################## -## <interface name="fs_dontaudit_getattr_xattr_fs"> -## <desc> -## Do not audit attempts to -## get the attributes of a persistent -## filesystem which has extended -## attributes, such as ext3, JFS, or XFS. -## </desc> -## <param name="domain"> -## The type of the domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to +## get the attributes of a persistent +## filesystem which has extended +## attributes, such as ext3, JFS, or XFS. +## </desc> +## <param name="domain"> +## The type of the domain to not audit. +## </param> # interface(`fs_dontaudit_getattr_xattr_fs',` gen_require(` 
@@ -195,16 +176,14 @@ interface(`fs_dontaudit_getattr_xattr_fs',` ') ######################################## -## <interface name="fs_relabelfrom_xattr_fs"> -## <desc> -## Allow changing of the label of a -## filesystem with extended attributes -## using the context= mount option. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Allow changing of the label of a +## filesystem with extended attributes +## using the context= mount option. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_relabelfrom_xattr_fs',` gen_require(` @@ -216,14 +195,12 @@ interface(`fs_relabelfrom_xattr_fs',` ') ######################################## -## <interface name="fs_mount_autofs"> -## <desc> -## Mount an automount pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount an automount pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_autofs',` gen_require(` @@ -236,15 +213,13 @@ interface(`fs_mount_autofs',` ######################################## -## <interface name="fs_remount_autofs"> -## <desc> -## Remount an automount pseudo filesystem -## This allows some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount an automount pseudo filesystem +## This allows some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_autofs',` gen_require(` 
@@ -256,14 +231,12 @@ interface(`fs_remount_autofs',` ') ######################################## -## <interface name="fs_unmount_autofs"> -## <desc> -## Unmount an automount pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount an automount pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_autofs',` gen_require(` @@ -275,16 +248,14 @@ interface(`fs_unmount_autofs',` ') ######################################## -## <interface name="fs_getattr_autofs"> -## <desc> -## Get the attributes of an automount -## pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of an automount +## pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_autofs',` gen_require(` 
@@ -296,21 +267,19 @@ interface(`fs_getattr_autofs',` ') ######################################## -## <interface name="fs_register_binary_executable_type"> -## <desc> -## Register an interpreter for new binary -## file types, using the kernel binfmt_misc -## support. A common use for this is to -## register a JVM as an interpreter for -## Java byte code. Registered binaries -## can be directly executed on a command line -## without specifying the interpreter. -## </desc> -## <param name="domain"> -## The type of the domain registering -## the interpreter. -## </param> -## </interface> +## <desc> +## Register an interpreter for new binary +## file types, using the kernel binfmt_misc +## support. A common use for this is to +## register a JVM as an interpreter for +## Java byte code. Registered binaries +## can be directly executed on a command line +## without specifying the interpreter. +## </desc> +## <param name="domain"> +## The type of the domain registering +## the interpreter. +## </param> # interface(`fs_register_binary_executable_type',` gen_require(` @@ -324,14 +293,12 @@ interface(`fs_register_binary_executable_type',` ') ######################################## -## <interface name="fs_mount_cifs"> -## <desc> -## Mount a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_cifs',` gen_require(` 
@@ -343,15 +310,13 @@ interface(`fs_mount_cifs',` ') ######################################## -## <interface name="fs_remount_cifs"> -## <desc> -## Remount a CIFS or SMB network filesystem. -## This allows some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a CIFS or SMB network filesystem. +## This allows some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_remount_cifs',` gen_require(` @@ -363,14 +328,12 @@ interface(`fs_remount_cifs',` ') ######################################## -## <interface name="fs_unmount_cifs"> -## <desc> -## Unmount a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_unmount_cifs',` gen_require(` @@ -382,16 +345,14 @@ interface(`fs_unmount_cifs',` ') ######################################## -## <interface name="fs_getattr_cifs"> -## <desc> -## Get the attributes of a CIFS or -## SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a CIFS or +## SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_cifs',` gen_require(` 
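Review bot: The `<param name="domain">` text kept for `fs_remount_cifs` (hunk -343,15 +310,13) and `fs_unmount_cifs` (hunk -363,14 +328,12) still reads "The type of the domain mounting the filesystem.", which describes the wrong operation. The autofs, DOS and NFS siblings in this diff say "remounting" and "unmounting". Since these comment lines are being rewritten anyway, I would change them to `## The type of the domain remounting the filesystem.` and `## The type of the domain unmounting the filesystem.`. Both interface bodies continue outside their hunks.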
@@ -403,14 +364,12 @@ interface(`fs_getattr_cifs',` ') ######################################## -## <interface name="fs_read_cifs_files"> -## <desc> -## Read files on a CIFS or SMB filesystem. -## </desc> -## <param name="domain"> -## The type of the domain reading the files. -## </param> -## </interface> +## <desc> +## Read files on a CIFS or SMB filesystem. +## </desc> +## <param name="domain"> +## The type of the domain reading the files. +## </param> # interface(`fs_read_cifs_files',` gen_require(` @@ -424,15 +383,13 @@ interface(`fs_read_cifs_files',` ') ######################################## -## <interface name="fs_dontaudit_rw_cifs_files"> -## <desc> -## Do not audit attempts to read or -## write files on a CIFS or SMB filesystem. -## </desc> -## <param name="domain"> -## The type of the domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to read or +## write files on a CIFS or SMB filesystem. +## </desc> +## <param name="domain"> +## The type of the domain to not audit. +## </param> # interface(`fs_dontaudit_rw_cifs_files',` gen_require(` @@ -444,14 +401,12 @@ interface(`fs_dontaudit_rw_cifs_files',` ') ######################################## -## <interface name="fs_read_cifs_symlinks"> -## <desc> -## Read symbolic links on a CIFS or SMB filesystem. -## </desc> -## <param name="domain"> -## The type of the domain reading the symbolic links. -## </param> -## </interface> +## <desc> +## Read symbolic links on a CIFS or SMB filesystem. +## </desc> +## <param name="domain"> +## The type of the domain reading the symbolic links. +## </param> # interface(`fs_read_cifs_symlinks',` gen_require(` 
@@ -465,16 +420,14 @@ interface(`fs_read_cifs_symlinks',` ') ######################################## -## <interface name="fs_execute_cifs_files"> -## <desc> -## Execute files on a CIFS or SMB -## network filesystem, in the caller -## domain. -## </desc> -## <param name="domain"> -## The type of the domain executing the files. -## </param> -## </interface> +## <desc> +## Execute files on a CIFS or SMB +## network filesystem, in the caller +## domain. +## </desc> +## <param name="domain"> +## The type of the domain executing the files. +## </param> # interface(`fs_execute_cifs_files',` gen_require(` @@ -487,15 +440,13 @@ interface(`fs_execute_cifs_files',` ') ######################################## -## <interface name="fs_dontaudit_rw_cifs_files"> -## <desc> -## Do not audit attempts to read or -## write files on a CIFS or SMB filesystems. -## </desc> -## <param name="domain"> -## The type of the domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to read or +## write files on a CIFS or SMB filesystems. +## </desc> +## <param name="domain"> +## The type of the domain to not audit. +## </param> # interface(`fs_read_cifs_files',` gen_require(` @@ -507,15 +458,13 @@ interface(`fs_read_cifs_files',` ') ######################################## -## <interface name="fs_manage_cifs_dirs"> -## <desc> -## Create, read, write, and delete directories -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the directories. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete directories +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the directories. +## </param> # interface(`fs_manage_cifs_dirs',` gen_require(` 
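Review bot: In hunk -487,15 +440,13 the description "Do not audit attempts to read or write files on a CIFS or SMB filesystems" now sits directly above the macro `fs_read_cifs_files`, and the removed `<interface name="fs_dontaudit_rw_cifs_files">` tag was the only thing that named it otherwise. Both `fs_read_cifs_files` (hunk -403,14 +364,12) and `fs_dontaudit_rw_cifs_files` (hunk -424,15 +383,13) are already defined earlier in the file, so this looks like a duplicate definition whose name and documentation disagree. If the documentation is now keyed on the macro name (the generator is not shown here), a read interface will be published with dontaudit wording, and callers rely on that text to tell an allow from an audit suppression. The body lies outside the hunk, so please confirm which rules it emits, then rename the macro or correct the description.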
@@ -527,15 +476,13 @@ interface(`fs_manage_cifs_dirs',` ') ######################################## -## <interface name="fs_manage_cifs_files"> -## <desc> -## Create, read, write, and delete files -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the files. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete files +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the files. +## </param> # interface(`fs_manage_cifs_files',` gen_require(` @@ -549,15 +496,13 @@ interface(`fs_manage_cifs_files',` ') ######################################## -## <interface name="fs_manage_cifs_symlinks"> -## <desc> -## Create, read, write, and delete symbolic links -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the symbolic links. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete symbolic links +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the symbolic links. +## </param> # interface(`fs_manage_cifs_symlinks',` gen_require(` @@ -571,15 +516,13 @@ interface(`fs_manage_cifs_symlinks',` ') ######################################## -## <interface name="fs_manage_cifs_named_pipes"> -## <desc> -## Create, read, write, and delete named pipes -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the pipes. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete named pipes +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the pipes. +## </param> # interface(`fs_manage_cifs_named_pipes',` gen_require(` 
@@ -593,15 +536,13 @@ interface(`fs_manage_cifs_named_pipes',` ') ######################################## -## <interface name="fs_manage_cifs_named_sockets"> -## <desc> -## Create, read, write, and delete named sockets -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the sockets. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete named sockets +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the sockets. +## </param> # interface(`fs_manage_cifs_named_sockets',` gen_require(` @@ -615,15 +556,13 @@ interface(`fs_manage_cifs_named_sockets',` ') ######################################## -## <interface name="fs_mount_dos_fs"> -## <desc> -## Mount a DOS filesystem, such as -## FAT32 or NTFS. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a DOS filesystem, such as +## FAT32 or NTFS. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_dos_fs',` gen_require(` @@ -635,16 +574,14 @@ interface(`fs_mount_dos_fs',` ') ######################################## -## <interface name="fs_remount_dos_fs"> -## <desc> -## Remount a DOS filesystem, such as -## FAT32 or NTFS. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a DOS filesystem, such as +## FAT32 or NTFS. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_dos_fs',` gen_require(` 
@@ -656,15 +593,13 @@ interface(`fs_remount_dos_fs',` ') ######################################## -## <interface name="fs_unmount_dos_fs"> -## <desc> -## Unmount a DOS filesystem, such as -## FAT32 or NTFS. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a DOS filesystem, such as +## FAT32 or NTFS. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_dos_fs',` gen_require(` @@ -676,16 +611,14 @@ interface(`fs_unmount_dos_fs',` ') ######################################## -## <interface name="fs_getattr_dos_fs"> -## <desc> -## Get the attributes of a DOS -## filesystem, such as FAT32 or NTFS. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a DOS +## filesystem, such as FAT32 or NTFS. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_dos_fs',` gen_require(` @@ -697,15 +630,13 @@ interface(`fs_getattr_dos_fs',` ') ######################################## -## <interface name="fs_relabelfrom_dos_fs"> -## <desc> -## Allow changing of the label of a -## DOS filesystem using the context= mount option. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Allow changing of the label of a +## DOS filesystem using the context= mount option. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_relabelfrom_dos_fs',` gen_require(` 
@@ -717,15 +648,13 @@ interface(`fs_relabelfrom_dos_fs',` ') ######################################## -## <interface name="fs_mount_iso9660_fs"> -## <desc> -## Mount an iso9660 filesystem, which -## is usually used on CDs. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount an iso9660 filesystem, which +## is usually used on CDs. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_iso9660_fs',` gen_require(` @@ -737,16 +666,14 @@ interface(`fs_mount_iso9660_fs',` ') ######################################## -## <interface name="fs_remount_iso9660_fs"> -## <desc> -## Remount an iso9660 filesystem, which -## is usually used on CDs. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount an iso9660 filesystem, which +## is usually used on CDs. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_iso9660_fs',` gen_require(` @@ -758,15 +685,13 @@ interface(`fs_remount_iso9660_fs',` ') ######################################## -## <interface name="fs_unmount_iso9660_fs"> -## <desc> -## Unmount an iso9660 filesystem, which -## is usually used on CDs. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount an iso9660 filesystem, which +## is usually used on CDs. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_iso9660_fs',` gen_require(` 
@@ -778,16 +703,14 @@ interface(`fs_unmount_iso9660_fs',` ') ######################################## -## <interface name="fs_mount_iso9660_fs"> -## <desc> -## Get the attributes of an iso9660 -## filesystem, which is usually used on CDs. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of an iso9660 +## filesystem, which is usually used on CDs. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_iso9660_fs',` gen_require(` @@ -799,14 +722,12 @@ interface(`fs_getattr_iso9660_fs',` ') ######################################## -## <interface name="fs_mount_nfs"> -## <desc> -## Mount a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_nfs',` gen_require(` @@ -818,15 +739,13 @@ interface(`fs_mount_nfs',` ') ######################################## -## <interface name="fs_remount_nfs"> -## <desc> -## Remount a NFS filesystem. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a NFS filesystem. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_nfs',` gen_require(` 
@@ -838,14 +757,12 @@ interface(`fs_remount_nfs',` ') ######################################## -## <interface name="fs_mount_nfs"> -## <desc> -## Unmount a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_nfs',` gen_require(` @@ -857,15 +774,13 @@ interface(`fs_unmount_nfs',` ') ######################################## -## <interface name="fs_getattr_nfs"> -## <desc> -## Get the attributes of a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_nfs',` gen_require(` @@ -877,14 +792,12 @@ interface(`fs_getattr_nfs',` ') ######################################## -## <interface name="fs_read_nfs_files"> -## <desc> -## Read files on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain reading the files. -## </param> -## </interface> +## <desc> +## Read files on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain reading the files. +## </param> # interface(`fs_read_nfs_files',` gen_require(` 
@@ -898,14 +811,12 @@ interface(`fs_read_nfs_files',` ') ######################################## -## <interface name="fs_execute_nfs_files"> -## <desc> -## Execute files on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain executing the files. -## </param> -## </interface> +## <desc> +## Execute files on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain executing the files. +## </param> # interface(`fs_execute_nfs_files',` gen_require(` @@ -918,15 +829,13 @@ interface(`fs_execute_nfs_files',` ') ######################################## -## <interface name="fs_dontaudit_rw_nfs_files"> -## <desc> -## Do not audit attempts to read or -## write files on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to read or +## write files on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain to not audit. +## </param> # interface(`fs_dontaudit_rw_nfs_files',` gen_require(` @@ -938,14 +847,12 @@ interface(`fs_dontaudit_rw_nfs_files',` ') ######################################## -## <interface name="fs_read_nfs_symlinks"> -## <desc> -## Read symbolic links on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain reading the symbolic links. -## </param> -## </interface> +## <desc> +## Read symbolic links on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain reading the symbolic links. +## </param> # interface(`fs_read_nfs_symlinks',` gen_require(` 
@@ -959,15 +866,13 @@ interface(`fs_read_nfs_symlinks',` ') ######################################## -## <interface name="fs_manage_nfs_dirs"> -## <desc> -## Create, read, write, and delete directories -## on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the directories. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete directories +## on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the directories. +## </param> # interface(`fs_manage_nfs_dirs',` gen_require(` @@ -979,15 +884,13 @@ interface(`fs_manage_nfs_dirs',` ') ######################################## -## <interface name="fs_manage_nfs_files"> -## <desc> -## Create, read, write, and delete files -## on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the files. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete files +## on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the files. +## </param> # interface(`fs_manage_nfs_files',` gen_require(` @@ -1001,15 +904,13 @@ interface(`fs_manage_nfs_files',` ') ######################################### -## <interface name="fs_manage_nfs_symlinks"> -## <desc> -## Create, read, write, and delete symbolic links -## on a CIFS or SMB network filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the symbolic links. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete symbolic links +## on a CIFS or SMB network filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the symbolic links. +## </param> # interface(`fs_manage_nfs_symlinks',` gen_require(` 
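Review bot: The description kept for `fs_manage_nfs_symlinks` in hunk -1001,15 +904,13 still says "on a CIFS or SMB network filesystem", which appears to be copied from the CIFS interface of the same shape. The neighbouring NFS interfaces (`fs_manage_nfs_dirs`, `fs_manage_nfs_files`) say "on a NFS filesystem.", so the second description line should read `## on a NFS filesystem.`. A reader of the generated documentation would otherwise think this interface grants access to CIFS symlinks. The interface body continues outside the hunk.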
@@ -1023,15 +924,13 @@ interface(`fs_manage_nfs_symlinks',` ') ######################################### -## <interface name="fs_manage_nfs_named_pipes"> -## <desc> -## Create, read, write, and delete named pipes -## on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the pipes. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete named pipes +## on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the pipes. +## </param> # interface(`fs_manage_nfs_named_pipes',` gen_require(` @@ -1045,15 +944,13 @@ interface(`fs_manage_nfs_named_pipes',` ') ######################################### -## <interface name="fs_manage_nfs_named_sockets"> -## <desc> -## Create, read, write, and delete named sockets -## on a NFS filesystem. -## </desc> -## <param name="domain"> -## The type of the domain managing the sockets. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete named sockets +## on a NFS filesystem. +## </desc> +## <param name="domain"> +## The type of the domain managing the sockets. +## </param> # interface(`fs_manage_nfs_named_sockets',` gen_require(` @@ -1067,14 +964,12 @@ interface(`fs_manage_nfs_named_sockets',` ') ######################################## -## <interface name="fs_mount_nfsd_fs"> -## <desc> -## Mount a NFS server pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a NFS server pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_nfsd_fs',` gen_require(` 
@@ -1086,15 +981,13 @@ interface(`fs_mount_nfsd_fs',` ') ######################################## -## <interface name="fs_remount_nfsd_fs"> -## <desc> -## Mount a NFS server pseudo filesystem. -## This allows some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a NFS server pseudo filesystem. +## This allows some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_nfsd_fs',` gen_require(` @@ -1106,14 +999,12 @@ interface(`fs_remount_nfsd_fs',` ') ######################################## -## <interface name="fs_unmount_nfsd_fs"> -## <desc> -## Unmount a NFS server pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a NFS server pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_nfsd_fs',` gen_require(` @@ -1125,16 +1016,14 @@ interface(`fs_unmount_nfsd_fs',` ') ######################################## -## <interface name="fs_getattr_nfsd_fs"> -## <desc> -## Get the attributes of a NFS server -## pseudo filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a NFS server +## pseudo filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_nfsd_fs',` gen_require(` 
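Review bot: The description for `fs_remount_nfsd_fs` in hunk -1086,15 +981,13 opens with "Mount a NFS server pseudo filesystem.", which is identical to the text of `fs_mount_nfsd_fs` in the previous hunk. The second sentence and the param text ("remounting") show that remount is meant. The first line should read `## Remount a NFS server pseudo filesystem.` so the two permissions are not documented as the same thing. The interface body continues outside the hunk.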
@@ -1146,14 +1035,12 @@ interface(`fs_getattr_nfsd_fs',` ') ######################################## -## <interface name="fs_mount_ramfs"> -## <desc> -## Mount a RAM filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a RAM filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_ramfs',` gen_require(` @@ -1165,15 +1052,13 @@ interface(`fs_mount_ramfs',` ') ######################################## -## <interface name="fs_remount_ramfs"> -## <desc> -## Remount a RAM filesystem. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a RAM filesystem. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_ramfs',` gen_require(` @@ -1185,14 +1070,12 @@ interface(`fs_remount_ramfs',` ') ######################################## -## <interface name="fs_unmount_ramfs"> -## <desc> -## Unmount a RAM filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a RAM filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_ramfs',` gen_require(` 
@@ -1204,15 +1087,13 @@ interface(`fs_unmount_ramfs',` ') ######################################## -## <interface name="fs_getattr_ramfs"> -## <desc> -## Get the attributes of a RAM filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a RAM filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_ramfs',` gen_require(` @@ -1224,14 +1105,12 @@ interface(`fs_getattr_ramfs',` ') ######################################## -## <interface name="fs_mount_romfs"> -## <desc> -## Mount a ROM filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a ROM filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_romfs',` gen_require(` @@ -1243,15 +1122,13 @@ interface(`fs_mount_romfs',` ') ######################################## -## <interface name="fs_remount_romfs"> -## <desc> -## Remount a ROM filesystem. This allows -## some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a ROM filesystem. This allows +## some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_romfs',` gen_require(` 
@@ -1263,14 +1140,12 @@ interface(`fs_remount_romfs',` ') ######################################## -## <interface name="fs_unmount_romfs"> -## <desc> -## Unmount a ROM filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a ROM filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_romfs',` gen_require(` @@ -1282,16 +1157,14 @@ interface(`fs_unmount_romfs',` ') ######################################## -## <interface name="fs_getattr_romfs"> -## <desc> -## Get the attributes of a ROM -## filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a ROM +## filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_romfs',` gen_require(` @@ -1303,14 +1176,12 @@ interface(`fs_getattr_romfs',` ') ######################################## -## <interface name="fs_mount_rpc_pipefs"> -## <desc> -## Mount a RPC pipe filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a RPC pipe filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_rpc_pipefs',` gen_require(` 
@@ -1322,15 +1193,13 @@ interface(`fs_mount_rpc_pipefs',` ') ######################################## -## <interface name="fs_remount_rpc_pipefs"> -## <desc> -## Remount a RPC pipe filesystem. This -## allows some mount option to be changed. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a RPC pipe filesystem. This +## allows some mount option to be changed. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_rpc_pipefs',` gen_require(` @@ -1342,14 +1211,12 @@ interface(`fs_remount_rpc_pipefs',` ') ######################################## -## <interface name="fs_unmount_rpc_pipefs"> -## <desc> -## Unmount a RPC pipe filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a RPC pipe filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_rpc_pipefs',` gen_require(` @@ -1361,16 +1228,14 @@ interface(`fs_unmount_rpc_pipefs',` ') ######################################## -## <interface name="fs_getattr_rpc_pipefs"> -## <desc> -## Get the attributes of a RPC pipe -## filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a RPC pipe +## filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_rpc_pipefs',` gen_require(` 
@@ -1382,14 +1247,12 @@ interface(`fs_getattr_rpc_pipefs',` ') ######################################## -## <interface name="fs_mount_tmpfs"> -## <desc> -## Mount a tmpfs filesystem. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount a tmpfs filesystem. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_tmpfs',` gen_require(` @@ -1401,14 +1264,12 @@ interface(`fs_mount_tmpfs',` ') ######################################## -## <interface name="fs_remount_tmpfs"> -## <desc> -## Remount a tmpfs filesystem. -## </desc> -## <param name="domain"> -## The type of the domain remounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount a tmpfs filesystem. +## </desc> +## <param name="domain"> +## The type of the domain remounting the filesystem. +## </param> # interface(`fs_remount_tmpfs',` gen_require(` @@ -1420,14 +1281,12 @@ interface(`fs_remount_tmpfs',` ') ######################################## -## <interface name="fs_unmount_tmpfs"> -## <desc> -## Unmount a tmpfs filesystem. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount a tmpfs filesystem. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_tmpfs',` gen_require(` 
@@ -1439,16 +1298,14 @@ interface(`fs_unmount_tmpfs',` ') ######################################## -## <interface name="fs_getattr_tmpfs"> -## <desc> -## Get the attributes of a tmpfs -## filesystem. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of a tmpfs +## filesystem. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_tmpfs',` gen_require(` @@ -1460,14 +1317,12 @@ interface(`fs_getattr_tmpfs',` ') ######################################## -## <interface name="fs_associate_tmpfs"> -## <desc> -## Allow the type to associate to tmpfs filesystems. -## </desc> -## <param name="type"> -## The type of the object to be associated. -## </param> -## </interface> +## <desc> +## Allow the type to associate to tmpfs filesystems. +## </desc> +## <param name="type"> +## The type of the object to be associated. +## </param> # interface(`fs_associate_tmpfs',` gen_require(` @@ -1500,14 +1355,12 @@ interface(`fs_create_tmpfs_data',` ') ######################################## -## <interface name="fs_use_tmpfs_character_devices"> -## <desc> -## Read and write character nodes on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write character nodes on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_use_tmpfs_character_devices',` gen_require(` 
@@ -1521,14 +1374,12 @@ interface(`fs_use_tmpfs_character_devices',` ') ######################################## -## <interface name="fs_relabel_tmpfs_character_devices"> -## <desc> -## Relabel character nodes on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Relabel character nodes on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_relabel_tmpfs_character_devices',` gen_require(` @@ -1542,14 +1393,12 @@ interface(`fs_relabel_tmpfs_character_devices',` ') ######################################## -## <interface name="fs_use_tmpfs_block_devices"> -## <desc> -## Read and write block nodes on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write block nodes on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_use_tmpfs_block_devices',` gen_require(` @@ -1563,14 +1412,12 @@ interface(`fs_use_tmpfs_block_devices',` ') ######################################## -## <interface name="fs_relabel_tmpfs_block_devices"> -## <desc> -## Relabel block nodes on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Relabel block nodes on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_relabel_tmpfs_block_devices',` gen_require(` 
@@ -1584,15 +1431,13 @@ interface(`fs_relabel_tmpfs_block_devices',` ') ######################################## -## <interface name="fs_manage_tmpfs_character_devices"> -## <desc> -## Read and write, create and delete character -## nodes on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write, create and delete character +## nodes on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_manage_tmpfs_character_devices',` gen_require(` @@ -1606,15 +1451,13 @@ interface(`fs_manage_tmpfs_character_devices',` ') ######################################## -## <interface name="fs_manage_tmpfs_block_devices"> -## <desc> -## Read and write, create and delete block nodes -## on tmpfs filesystems. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write, create and delete block nodes +## on tmpfs filesystems. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fs_manage_tmpfs_block_devices',` gen_require(` @@ -1628,14 +1471,12 @@ interface(`fs_manage_tmpfs_block_devices',` ') ######################################## -## <interface name="fs_mount_all_fs"> -## <desc> -## Mount all filesystems. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Mount all filesystems. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_mount_all_fs',` gen_require(` 
@@ -1647,15 +1488,13 @@ interface(`fs_mount_all_fs',` ') ######################################## -## <interface name="fs_remount_all_fs"> -## <desc> -## Remount all filesystems. This -## allows some mount options to be changed. -## </desc> -## <param name="domain"> -## The type of the domain mounting the filesystem. -## </param> -## </interface> +## <desc> +## Remount all filesystems. This +## allows some mount options to be changed. +## </desc> +## <param name="domain"> +## The type of the domain mounting the filesystem. +## </param> # interface(`fs_remount_all_fs',` gen_require(` @@ -1667,14 +1506,12 @@ interface(`fs_remount_all_fs',` ') ######################################## -## <interface name="fs_unmount_all_fs"> -## <desc> -## Unmount all filesystems. -## </desc> -## <param name="domain"> -## The type of the domain unmounting the filesystem. -## </param> -## </interface> +## <desc> +## Unmount all filesystems. +## </desc> +## <param name="domain"> +## The type of the domain unmounting the filesystem. +## </param> # interface(`fs_unmount_all_fs',` gen_require(` @@ -1686,16 +1523,14 @@ interface(`fs_unmount_all_fs',` ') ######################################## -## <interface name="fs_getattr_all_fs"> -## <desc> -## Get the attributes of all persistent -## filesystems. -## </desc> -## <param name="domain"> -## The type of the domain doing the -## getattr on the filesystem. -## </param> -## </interface> +## <desc> +## Get the attributes of all persistent +## filesystems. +## </desc> +## <param name="domain"> +## The type of the domain doing the +## getattr on the filesystem. +## </param> # interface(`fs_getattr_all_fs',` gen_require(` 
@@ -1707,15 +1542,13 @@ interface(`fs_getattr_all_fs',` ') ######################################## -## <interface name="fs_dontaudit_getattr_all_fs"> -## <desc> -## Do not audit attempts to get the attributes -## all filesystems. -## </desc> -## <param name="domain"> -## The type of the domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to get the attributes +## all filesystems. +## </desc> +## <param name="domain"> +## The type of the domain to not audit. +## </param> # interface(`fs_dontaudit_getattr_all_fs',` gen_require(` @@ -1727,14 +1560,12 @@ interface(`fs_dontaudit_getattr_all_fs',` ') ######################################## -## <interface name="fs_get_all_fs_quotas"> -## <desc> -## Get the quotas of all filesystems. -## </desc> -## <param name="domain"> -## The type of the domain getting quotas. -## </param> -## </interface> +## <desc> +## Get the quotas of all filesystems. +## </desc> +## <param name="domain"> +## The type of the domain getting quotas. +## </param> # interface(`fs_get_all_fs_quotas',` gen_require(` @@ -1746,14 +1577,12 @@ interface(`fs_get_all_fs_quotas',` ') ######################################## -## <interface name="fs_set_all_quotas"> -## <desc> -## Set the quotas of all filesystems. -## </desc> -## <param name="domain"> -## The type of the domain setting quotas. -## </param> -## </interface> +## <desc> +## Set the quotas of all filesystems. +## </desc> +## <param name="domain"> +## The type of the domain setting quotas. +## </param> # interface(`fs_set_all_quotas',` gen_require(` @@ -1785,4 +1614,3 @@ interface(`fs_getattr_all_files',` allow $1 fs_type:sock_file getattr; ') -## </module> diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if index 601a219..eb2d5e1 100644 --- a/refpolicy/policy/modules/kernel/kernel.if +++ b/refpolicy/policy/modules/kernel/kernel.if 
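Review bot: The re-added description in the fs_dontaudit_getattr_all_fs hunk still reads `Do not audit attempts to get the attributes` / `all filesystems.`, which drops a word; since these lines are rewritten anyway, the second line should be `## of all filesystems.`. A dontaudit interface keeps denials out of the audit log, so its short description is what a policy author relies on when deciding whether calling it is acceptable. The same pass could fix the fs_remount_all_fs hunk earlier in this file's diff, whose param text says `mounting` where the sibling fs_remount_tmpfs says `remounting`. The interface bodies continue outside these hunks and are not visible here.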
@@ -1,22 +1,19 @@ -## <module name="kernel"> ## <summary> -## Policy for kernel threads, proc filesystem, -## and unlabeled processes and objects. +## Policy for kernel threads, proc filesystem, +## and unlabeled processes and objects. ## </summary> ######################################## -## <interface name="kernel_userland_entry"> -## <desc> -## Allows to start userland processes -## by transitioning to the specified domain. -## </desc> -## <param name="domain"> -## The process type entered by kernel. -## </param> -## <param name="entrypoint"> -## The executable type for the entrypoint. -## </param> -## </interface> +## <desc> +## Allows to start userland processes +## by transitioning to the specified domain. +## </desc> +## <param name="domain"> +## The process type entered by kernel. +## </param> +## <param name="entrypoint"> +## The executable type for the entrypoint. +## </param> # interface(`kernel_userland_entry',` gen_require(` @@ -35,15 +32,13 @@ interface(`kernel_userland_entry',` ') ######################################## -## <interface name="kernel_rootfs_mountpoint"> -## <desc> -## Allows the kernel to mount filesystems on -## the specified directory type. -## </desc> -## <param name="directory_type"> -## The type of the directory to use as a mountpoint. -## </param> -## </interface> +## <desc> +## Allows the kernel to mount filesystems on +## the specified directory type. +## </desc> +## <param name="directory_type"> +## The type of the directory to use as a mountpoint. +## </param> # interface(`kernel_rootfs_mountpoint',` gen_require(` 
@@ -55,14 +50,12 @@ interface(`kernel_rootfs_mountpoint',` ') ######################################## -## <interface name="kernel_sigchld"> -## <desc> -## Send a SIGCHLD signal to kernel threads. -## </desc> -## <param name="domain"> -## The type of the process sending the signal. -## </param> -## </interface> +## <desc> +## Send a SIGCHLD signal to kernel threads. +## </desc> +## <param name="domain"> +## The type of the process sending the signal. +## </param> # interface(`kernel_sigchld',` gen_require(` @@ -74,15 +67,13 @@ interface(`kernel_sigchld',` ') ######################################## -## <interface name="kernel_share_state"> -## <desc> -## Allows the kernel to share state information with -## the caller. -## </desc> -## <param name="domain"> -## The type of the process with which to share state information. -## </param> -## </interface> +## <desc> +## Allows the kernel to share state information with +## the caller. +## </desc> +## <param name="domain"> +## The type of the process with which to share state information. +## </param> # interface(`kernel_share_state',` gen_require(` @@ -94,14 +85,12 @@ interface(`kernel_share_state',` ') ######################################## -## <interface name="kernel_use_fd"> -## <desc> -## Permits caller to use kernel file descriptors. -## </desc> -## <param name="domain"> -## The type of the process using the descriptors. -## </param> -## </interface> +## <desc> +## Permits caller to use kernel file descriptors. +## </desc> +## <param name="domain"> +## The type of the process using the descriptors. +## </param> # interface(`kernel_use_fd',` gen_require(` 
@@ -113,15 +102,13 @@ interface(`kernel_use_fd',` ') ######################################## -## <interface name="kernel_dontaudit_use_fd"> -## <desc> -## Do not audit attempts to use -## kernel file descriptors. -## </desc> -## <param name="domain"> -## The type of process not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to use +## kernel file descriptors. +## </desc> +## <param name="domain"> +## The type of process not to audit. +## </param> # interface(`kernel_dontaudit_use_fd',` gen_require(` @@ -133,14 +120,12 @@ interface(`kernel_dontaudit_use_fd',` ') ######################################## -## <interface name="kernel_load_module"> -## <desc> -## Allows caller to load kernel modules -## </desc> -## <param name="domain"> -## The process type to allow to load kernel modules. -## </param> -## </interface> +## <desc> +## Allows caller to load kernel modules +## </desc> +## <param name="domain"> +## The process type to allow to load kernel modules. +## </param> # interface(`kernel_load_module',` gen_require(` @@ -153,14 +138,12 @@ interface(`kernel_load_module',` ') ######################################## -## <interface name="kernel_read_ring_buffer"> -## <desc> -## Allows caller to read the ring buffer. -## </desc> -## <param name="domain"> -## The process type allowed to read the ring buffer. -## </param> -## </interface> +## <desc> +## Allows caller to read the ring buffer. +## </desc> +## <param name="domain"> +## The process type allowed to read the ring buffer. +## </param> # interface(`kernel_read_ring_buffer',` gen_require(` 
@@ -172,14 +155,12 @@ interface(`kernel_read_ring_buffer',` ') ######################################## -## <interface name="kernel_dontaudit_read_ring_buffer"> -## <desc> -## Do not audit attempts to read the ring buffer. -## </desc> -## <param name="domain"> -## The domain to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to read the ring buffer. +## </desc> +## <param name="domain"> +## The domain to not audit. +## </param> # interface(`kernel_dontaudit_read_ring_buffer',` gen_require(` @@ -191,14 +172,12 @@ interface(`kernel_dontaudit_read_ring_buffer',` ') ######################################## -## <interface name="kernel_change_ring_buffer_level"> -## <desc> -## -## </desc> -## <param name="domain"> -## -## </param> -## </interface> +## <desc> +## +## </desc> +## <param name="domain"> +## +## </param> # interface(`kernel_change_ring_buffer_level',` gen_require(` @@ -210,14 +189,12 @@ interface(`kernel_change_ring_buffer_level',` ') ######################################## -## <interface name="kernel_clear_ring_buffer"> -## <desc> -## Allows the caller to clear the ring buffer. -## </desc> -## <param name="domain"> -## The process type clearing the buffer. -## </param> -## </interface> +## <desc> +## Allows the caller to clear the ring buffer. +## </desc> +## <param name="domain"> +## The process type clearing the buffer. +## </param> # interface(`kernel_clear_ring_buffer',` gen_require(` @@ -229,14 +206,12 @@ interface(`kernel_clear_ring_buffer',` ') ######################################## -## <interface name="kernel_get_sysvipc_info"> -## <desc> -## Get information on all System V IPC objects. -## </desc> -## <param name="domain"> -## -## </param> -## </interface> +## <desc> +## Get information on all System V IPC objects. +## </desc> +## <param name="domain"> +## +## </param> # interface(`kernel_get_sysvipc_info',` gen_require(` 
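Review bot: The kernel_change_ring_buffer_level hunk carries over an empty `<desc>` and an empty `<param name="domain">`, and the kernel_get_sysvipc_info hunk an empty `<param>`, so the generated interface reference will not say what access these two interfaces grant. Judging by the names only (both bodies lie outside the hunks), `## Change the level of kernel messages logged to the console.` for the description and `## The type of the process performing this action.` for the params would match the wording of the neighbouring interfaces. Confirm the text against the allow rules in each body before committing it.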
@@ -248,14 +223,12 @@ interface(`kernel_get_sysvipc_info',` ') ######################################## -## <interface name="kernel_read_system_state"> -## <desc> -## Allows caller to read system state information. -## </desc> -## <param name="domain"> -## The process type reading the system state information. -## </param> -## </interface> +## <desc> +## Allows caller to read system state information. +## </desc> +## <param name="domain"> +## The process type reading the system state information. +## </param> # interface(`kernel_read_system_state',` gen_require(` @@ -271,15 +244,13 @@ interface(`kernel_read_system_state',` ') ######################################## -## <interface name="kernel_dontaudit_read_system_state"> -## <desc> -## Do not audit attempts by caller to -## read system state information. -## </desc> -## <param name="domain"> -## The process type not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts by caller to +## read system state information. +## </desc> +## <param name="domain"> +## The process type not to audit. +## </param> # interface(`kernel_dontaudit_read_system_state',` gen_require(` @@ -291,14 +262,12 @@ interface(`kernel_dontaudit_read_system_state',` ') ####################################### -## <interface name="kernel_read_software_raid_state"> -## <desc> -## Allow caller to read the state information for software raid. -## </desc> -## <param name="domain"> -## The process type reading software raid state. -## </param> -## </interface> +## <desc> +## Allow caller to read the state information for software raid. +## </desc> +## <param name="domain"> +## The process type reading software raid state. +## </param> # interface(`kernel_read_software_raid_state',` gen_require(` 
@@ -312,14 +281,12 @@ interface(`kernel_read_software_raid_state',` ') ######################################## -## <interface name="kernel_getattr_core"> -## <desc> -## Allows caller to get attribues of core kernel interface. -## </desc> -## <param name="domain"> -## The process type getting the attibutes. -## </param> -## </interface> +## <desc> +## Allows caller to get attribues of core kernel interface. +## </desc> +## <param name="domain"> +## The process type getting the attibutes. +## </param> # interface(`kernel_getattr_core',` gen_require(` @@ -333,15 +300,13 @@ interface(`kernel_getattr_core',` ') ######################################## -## <interface name="kernel_dontaudit_getattr_core"> -## <desc> -## Do not audit attempts to get the attributes of -## core kernel interfaces. -## </desc> -## <param name="domain"> -## The process type to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts to get the attributes of +## core kernel interfaces. +## </desc> +## <param name="domain"> +## The process type to not audit. +## </param> # interface(`kernel_dontaudit_getattr_core',` gen_require(` @@ -353,15 +318,13 @@ interface(`kernel_dontaudit_getattr_core',` ') ######################################## -## <interface name="kernel_read_messages"> -## <desc> -## Allow caller to read kernel messages -## using the /proc/kmsg interface. -## </desc> -## <param name="domain"> -## The process type reading the messages. -## </param> -## </interface> +## <desc> +## Allow caller to read kernel messages +## using the /proc/kmsg interface. +## </desc> +## <param name="domain"> +## The process type reading the messages. +## </param> # interface(`kernel_read_messages',` gen_require(` 
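Review bot: The new lines in the kernel_getattr_core hunk keep two misspellings, `attribues` and `attibutes`; they should read `## Allows caller to get attributes of core kernel interface.` and `## The process type getting the attributes.`. The same kind of carry-over appears further down this file's diff: `modiry` in the kernel_rw_net_sysctl hunk and `fileystem` in the kernel_rw_fs_sysctl hunk. These strings end up in the generated interface documentation, and a misspelt keyword makes an interface harder to find when searching for what grants a given access.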
@@ -377,15 +340,13 @@ interface(`kernel_read_messages',` ') ######################################## -## <interface name="kernel_getattr_message_if"> -## <desc> -## Allow caller to get the attributes of kernel message -## interface (/proc/kmsg). -## </desc> -## <param name="domain"> -## The process type getting the attributes. -## </param> -## </interface> +## <desc> +## Allow caller to get the attributes of kernel message +## interface (/proc/kmsg). +## </desc> +## <param name="domain"> +## The process type getting the attributes. +## </param> # interface(`kernel_getattr_message_if',` gen_require(` @@ -399,15 +360,13 @@ interface(`kernel_getattr_message_if',` ') ######################################## -## <interface name="kernel_dontaudit_getattr_message_if"> -## <desc> -## Do not audit attempts by caller to get the attributes of kernel -## message interfaces. -## </desc> -## <param name="domain"> -## The process type not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts by caller to get the attributes of kernel +## message interfaces. +## </desc> +## <param name="domain"> +## The process type not to audit. +## </param> # interface(`kernel_dontaudit_getattr_message_if',` gen_require(` @@ -419,14 +378,12 @@ interface(`kernel_dontaudit_getattr_message_if',` ') ######################################## -## <interface name="kernel_read_network_state"> -## <desc> -## Allow caller to read the network state information. -## </desc> -## <param name="domain"> -## The process type reading the state. -## </param> -## </interface> +## <desc> +## Allow caller to read the network state information. +## </desc> +## <param name="domain"> +## The process type reading the state. +## </param> ## # interface(`kernel_read_network_state',` 
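Review bot: In the kernel_read_network_state hunk a bare `##` context line is left between the new `## </param>` and the `#` that closes the comment block. Before this change it followed `## </interface>`; now it trails inside the documentation block itself. The same leftover shows in the kernel_dontaudit_search_sysctl_dir, kernel_read_vm_sysctl, kernel_read_net_sysctl and kernel_rw_irq_sysctl hunks. It is probably harmless, but with the explicit `<interface name=...>` wrapper gone the doc tooling presumably pairs each comment block with the following `interface(` line by position, so I would delete these lines so every block ends `## </param>` then `#`.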
@@ -442,14 +399,12 @@ interface(`kernel_read_network_state',` ') ######################################## -## <interface name="kernel_dontaudit_search_sysctl_dir"> -## <desc> -## Do not audit attempts by caller to search the sysctl directory. -## </desc> -## <param name="domain"> -## The process type not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts by caller to search the sysctl directory. +## </desc> +## <param name="domain"> +## The process type not to audit. +## </param> ## # interface(`kernel_dontaudit_search_sysctl_dir',` @@ -462,14 +417,12 @@ interface(`kernel_dontaudit_search_sysctl_dir',` ') ######################################## -## <interface name="kernel_read_device_sysctl"> -## <desc> -## Allow caller to read the device sysctls. -## </desc> -## <param name="domain"> -## The process type to allow to read the device sysctls. -## </param> -## </interface> +## <desc> +## Allow caller to read the device sysctls. +## </desc> +## <param name="domain"> +## The process type to allow to read the device sysctls. +## </param> # interface(`kernel_read_device_sysctl',` gen_require(` @@ -485,14 +438,12 @@ interface(`kernel_read_device_sysctl',` ') ######################################## -## <interface name="kernel_rw_device_sysctl"> -## <desc> -## Read and write device sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write device sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_device_sysctl',` gen_require(` 
@@ -507,14 +458,12 @@ interface(`kernel_rw_device_sysctl',` ') ######################################## -## <interface name="kernel_read_vm_sysctl"> -## <desc> -## Allow caller to read virtual memory sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow caller to read virtual memory sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> ## # interface(`kernel_read_vm_sysctl',` @@ -530,14 +479,12 @@ interface(`kernel_read_vm_sysctl',` ') ######################################## -## <interface name="kernel_rw_vm_sysctl"> -## <desc> -## Read and write virtual memory sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write virtual memory sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_vm_sysctl',` gen_require(` @@ -552,14 +499,12 @@ interface(`kernel_rw_vm_sysctl',` ') ######################################## -## <interface name="kernel_dontaudit_search_network_sysctl_dir"> -## <desc> -## Do not audit attempts by caller to search sysctl network directories. -## </desc> -## <param name="domain"> -## The process type not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts by caller to search sysctl network directories. +## </desc> +## <param name="domain"> +## The process type not to audit. +## </param> # interface(`kernel_dontaudit_search_network_sysctl_dir',` gen_require(` 
@@ -571,14 +516,12 @@ interface(`kernel_dontaudit_search_network_sysctl_dir',` ') ######################################## -## <interface name="kernel_read_net_sysctl"> -## <desc> -## Allow caller to read network sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow caller to read network sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> ## # interface(`kernel_read_net_sysctl',` @@ -595,14 +538,12 @@ interface(`kernel_read_net_sysctl',` ') ######################################## -## <interface name="kernel_rw_net_sysctl"> -## <desc> -## Allow caller to modiry contents of sysctl network files. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow caller to modiry contents of sysctl network files. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_net_sysctl',` gen_require(` @@ -618,15 +559,13 @@ interface(`kernel_rw_net_sysctl',` ') ######################################## -## <interface name="kernel_read_unix_sysctl"> -## <desc> -## Allow caller to read unix domain -## socket sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow caller to read unix domain +## socket sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_unix_sysctl',` gen_require(` 
@@ -642,15 +581,13 @@ interface(`kernel_read_unix_sysctl',` ') ######################################## -## <interface name="kernel_rw_unix_sysctl"> -## <desc> -## Read and write unix domain -## socket sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write unix domain +## socket sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_unix_sysctl',` gen_require(` @@ -666,14 +603,12 @@ interface(`kernel_rw_unix_sysctl',` ') ######################################## -## <interface name="kernel_read_hotplug_sysctl"> -## <desc> -## Read the hotplug sysctl. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read the hotplug sysctl. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_hotplug_sysctl',` gen_require(` @@ -689,14 +624,12 @@ interface(`kernel_read_hotplug_sysctl',` ') ######################################## -## <interface name="kernel_rw_hotplug_sysctl"> -## <desc> -## Read and write the hotplug sysctl. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write the hotplug sysctl. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_hotplug_sysctl',` gen_require(` 
@@ -712,14 +645,12 @@ interface(`kernel_rw_hotplug_sysctl',` ') ######################################## -## <interface name="kernel_read_modprobe_sysctl"> -## <desc> -## Read the modprobe sysctl. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read the modprobe sysctl. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_modprobe_sysctl',` gen_require(` @@ -735,14 +666,12 @@ interface(`kernel_read_modprobe_sysctl',` ') ######################################## -## <interface name="kernel_rw_modprobe_sysctl"> -## <desc> -## Read and write the modprobe sysctl. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write the modprobe sysctl. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_modprobe_sysctl',` gen_require(` @@ -758,14 +687,12 @@ interface(`kernel_rw_modprobe_sysctl',` ') ######################################## -## <interface name="kernel_read_kernel_sysctl"> -## <desc> -## Read generic kernel sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read generic kernel sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_kernel_sysctl',` gen_require(` 
@@ -781,14 +708,12 @@ interface(`kernel_read_kernel_sysctl',` ') ######################################## -## <interface name="kernel_rw_kernel_sysctl"> -## <desc> -## Read and write generic kernel sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write generic kernel sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_kernel_sysctl',` gen_require(` @@ -804,14 +729,12 @@ interface(`kernel_rw_kernel_sysctl',` ') ######################################## -## <interface name="kernel_read_fs_sysctl"> -## <desc> -## Read filesystem sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read filesystem sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_fs_sysctl',` gen_require(` @@ -827,14 +750,12 @@ interface(`kernel_read_fs_sysctl',` ') ######################################## -## <interface name="kernel_rw_fs_sysctl"> -## <desc> -## Read and write fileystem sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write fileystem sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_fs_sysctl',` gen_require(` 
@@ -850,14 +771,12 @@ interface(`kernel_rw_fs_sysctl',` ') ######################################## -## <interface name="kernel_read_irq_sysctl"> -## <desc> -## Read IRQ sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read IRQ sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_irq_sysctl',` gen_require(` @@ -872,14 +791,12 @@ interface(`kernel_read_irq_sysctl',` ') ######################################## -## <interface name="kernel_rw_irq_sysctl"> -## <desc> -## Read and write IRQ sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write IRQ sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> ## # interface(`kernel_rw_irq_sysctl',` @@ -929,14 +846,12 @@ interface(`kernel_rw_rpc_sysctl',` ') ######################################## -## <interface name="kernel_read_all_sysctl"> -## <desc> -## Allow caller to read all sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow caller to read all sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_read_all_sysctl',` kernel_read_device_sysctl($1) 
@@ -952,14 +867,12 @@ interface(`kernel_read_all_sysctl',` ') ######################################## -## <interface name="kernel_rw_all_sysctl"> -## <desc> -## Read and write all sysctls. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write all sysctls. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_rw_all_sysctl',` kernel_rw_device_sysctl($1) @@ -975,14 +888,12 @@ interface(`kernel_rw_all_sysctl',` ') ######################################## -## <interface name="kernel_kill_unlabeled"> -## <desc> -## Send a kill signal to unlabeled processes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send a kill signal to unlabeled processes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_kill_unlabeled',` gen_require(` @@ -994,14 +905,12 @@ interface(`kernel_kill_unlabeled',` ') ######################################## -## <interface name="kernel_signal_unlabeled"> -## <desc> -## Send general signals to unlabeled processes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send general signals to unlabeled processes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_signal_unlabeled',` gen_require(` 
@@ -1013,14 +922,12 @@ interface(`kernel_signal_unlabeled',` ') ######################################## -## <interface name="kernel_signull_unlabeled"> -## <desc> -## Send a null signal to unlabeled processes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send a null signal to unlabeled processes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_signull_unlabeled',` gen_require(` @@ -1032,14 +939,12 @@ interface(`kernel_signull_unlabeled',` ') ######################################## -## <interface name="kernel_sigstop_unlabeled"> -## <desc> -## Send a stop signal to unlabeled processes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send a stop signal to unlabeled processes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_sigstop_unlabeled',` gen_require(` @@ -1051,14 +956,12 @@ interface(`kernel_sigstop_unlabeled',` ') ######################################## -## <interface name="kernel_sigchld_unlabeled"> -## <desc> -## Send a child terminated signal to unlabeled processes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send a child terminated signal to unlabeled processes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`kernel_sigchld_unlabeled',` gen_require(` 
@@ -1070,15 +973,13 @@ interface(`kernel_sigchld_unlabeled',` ') ######################################## -## <interface name="kernel_dontaudit_getattr_unlabeled_blk_dev"> -## <desc> -## Do not audit attempts by caller to get attributes for -## unlabeled block devices. -## </desc> -## <param name="domain"> -## The process type not to audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts by caller to get attributes for +## unlabeled block devices. +## </desc> +## <param name="domain"> +## The process type not to audit. +## </param> # interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',` gen_require(` @@ -1090,14 +991,12 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',` ') ######################################## -## <interface name="kernel_relabel_unlabeled"> -## <desc> -## Allow caller to relabel unlabeled objects. -## </desc> -## <param name="domain"> -## The process type relabeling the objects. -## </param> -## </interface> +## <desc> +## Allow caller to relabel unlabeled objects. +## </desc> +## <param name="domain"> +## The process type relabeling the objects. +## </param> # interface(`kernel_relabel_unlabeled',` gen_require(` @@ -1114,4 +1013,3 @@ interface(`kernel_relabel_unlabeled',` allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom }; ') -## </module> diff --git a/refpolicy/policy/modules/kernel/metadata.xml b/refpolicy/policy/modules/kernel/metadata.xml index 7cd7056..e69de29 100644 --- a/refpolicy/policy/modules/kernel/metadata.xml +++ b/refpolicy/policy/modules/kernel/metadata.xml @@ -1 +0,0 @@ -<layer name="kernel"> diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if index 61592aa..f8a01cf 100644 --- a/refpolicy/policy/modules/kernel/selinux.if +++ b/refpolicy/policy/modules/kernel/selinux.if 
@@ -1,17 +1,14 @@ -## <module name="selinux"> ## <summary> -## Policy for kernel security interface, in particular, selinuxfs. +## Policy for kernel security interface, in particular, selinuxfs. ## </summary> ######################################## -## <interface name="selinux_get_fs_mount"> -## <desc> -## Gets the caller the mountpoint of the selinuxfs filesystem. -## </desc> -## <param name="domain"> -## The process type requesting the selinuxfs mountpoint. -## </param> -## </interface> +## <desc> +## Gets the caller the mountpoint of the selinuxfs filesystem. +## </desc> +## <param name="domain"> +## The process type requesting the selinuxfs mountpoint. +## </param> # interface(`selinux_get_fs_mount',` # read /proc/filesystems to see if selinuxfs is supported @@ -20,15 +17,13 @@ interface(`selinux_get_fs_mount',` ') ######################################## -## <interface name="selinux_get_enforce_mode"> -## <desc> -## Allows the caller to get the mode of policy enforcement -## (enforcing or permissive mode). -## </desc> -## <param name="domain"> -## The process type to allow to get the enforcing mode. -## </param> -## </interface> +## <desc> +## Allows the caller to get the mode of policy enforcement +## (enforcing or permissive mode). +## </desc> +## <param name="domain"> +## The process type to allow to get the enforcing mode. +## </param> # interface(`selinux_get_enforce_mode',` gen_require(` 
@@ -42,15 +37,13 @@ interface(`selinux_get_enforce_mode',` ') ######################################## -## <interface name="selinux_set_enforce_mode"> -## <desc> -## Allow caller to set the mode of policy enforcement -## (enforcing or permissive mode). -## </desc> -## <param name="domain"> -## The process type to allow to set the enforcement mode. -## </param> -## </interface> +## <desc> +## Allow caller to set the mode of policy enforcement +## (enforcing or permissive mode). +## </desc> +## <param name="domain"> +## The process type to allow to set the enforcement mode. +## </param> # interface(`selinux_set_enforce_mode',` gen_require(` @@ -69,14 +62,12 @@ interface(`selinux_set_enforce_mode',` ') ######################################## -## <interface name="selinux_load_policy"> -## <desc> -## Allow caller to load the policy into the kernel. -## </desc> -## <param name="domain"> -## The process type that will load the policy. -## </param> -## </interface> +## <desc> +## Allow caller to load the policy into the kernel. +## </desc> +## <param name="domain"> +## The process type that will load the policy. +## </param> # interface(`selinux_load_policy',` gen_require(` 
@@ -95,18 +86,16 @@ interface(`selinux_load_policy',` ') ######################################## -## <interface name="selinux_set_boolean"> -## <desc> -## Allow caller to set the state of Booleans to -## enable or disable conditional portions of the policy. -## </desc> -## <param name="domain"> -## The process type allowed to set the Boolean. -## </param> -## <param name="booltype" optional="true"> -## The type of Booleans the caller is allowed to set. -## </param> -## </interface> +## <desc> +## Allow caller to set the state of Booleans to +## enable or disable conditional portions of the policy. +## </desc> +## <param name="domain"> +## The process type allowed to set the Boolean. +## </param> +## <param name="booltype" optional="true"> +## The type of Booleans the caller is allowed to set. +## </param> # interface(`selinux_set_boolean',` gen_require(` @@ -130,14 +119,12 @@ interface(`selinux_set_boolean',` ') ######################################## -## <interface name="selinux_set_parameters"> -## <desc> -## Allow caller to set selinux security parameters. -## </desc> -## <param name="domain"> -## The process type to allow to set security parameters. -## </param> -## </interface> +## <desc> +## Allow caller to set selinux security parameters. +## </desc> +## <param name="domain"> +## The process type to allow to set security parameters. +## </param> # interface(`selinux_set_parameters',` gen_require(` @@ -156,14 +143,12 @@ interface(`selinux_set_parameters',` ') ######################################## -## <interface name="selinux_validate_context"> -## <desc> -## Allows caller to validate security contexts. -## </desc> -## <param name="domain"> -## The process type permitted to validate contexts. -## </param> -## </interface> +## <desc> +## Allows caller to validate security contexts. +## </desc> +## <param name="domain"> +## The process type permitted to validate contexts. +## </param> # interface(`selinux_validate_context',` gen_require(` 
@@ -179,14 +164,12 @@ interface(`selinux_validate_context',` ') ######################################## -## <interface name="selinux_compute_access_vector"> -## <desc> -## Allows caller to compute an access vector. -## </desc> -## <param name="domain"> -## The process type allowed to compute an access vector. -## </param> -## </interface> +## <desc> +## Allows caller to compute an access vector. +## </desc> +## <param name="domain"> +## The process type allowed to compute an access vector. +## </param> # interface(`selinux_compute_access_vector',` gen_require(` @@ -202,14 +185,12 @@ interface(`selinux_compute_access_vector',` ') ######################################## -## <interface name="selinux_compute_create_context"> -## <desc> -## -## </desc> -## <param name="domain"> -## -## </param> -## </interface> +## <desc> +## +## </desc> +## <param name="domain"> +## +## </param> # interface(`selinux_compute_create_context',` gen_require(` @@ -225,14 +206,12 @@ interface(`selinux_compute_create_context',` ') ######################################## -## <interface name="selinux_compute_relabel_context"> -## <desc> -## -## </desc> -## <param name="domain"> -## The process type to -## </param> -## </interface> +## <desc> +## +## </desc> +## <param name="domain"> +## The process type to +## </param> # interface(`selinux_compute_relabel_context',` gen_require(` @@ -248,14 +227,12 @@ interface(`selinux_compute_relabel_context',` ') ######################################## -## <interface name="selinux_compute_user_contexts"> -## <desc> -## Allows caller to compute possible contexts for a user. -## </desc> -## <param name="domain"> -## The process type allowed to compute user contexts. -## </param> -## </interface> +## <desc> +## Allows caller to compute possible contexts for a user. +## </desc> +## <param name="domain"> +## The process type allowed to compute user contexts. +## </param> # interface(`selinux_compute_user_contexts',` gen_require(` 
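Review bot: The description carried over for `selinux_compute_create_context` is still an empty `<desc>` with an empty `<param name="domain">`, and the next hunk leaves `selinux_compute_relabel_context` with an empty `<desc>` and a param that stops at `The process type to`. Both belong to the selinuxfs interface module, so a policy author choosing between them has only the macro name to go on. Following the wording of the neighbouring interfaces, `## Allows caller to compute a create context.` and `## The process type allowed to compute a create context.` would fit, with the relabel variant worded the same way. The interface bodies are outside these hunks, so confirm the wording against the permission each one actually grants.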
@@ -270,4 +247,3 @@ interface(`selinux_compute_user_contexts',` allow $1 security_t:security compute_user; ') -## </module> diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if index f4f9325..79fb67b 100644 --- a/refpolicy/policy/modules/kernel/storage.if +++ b/refpolicy/policy/modules/kernel/storage.if @@ -1,16 +1,13 @@ -## <module name="storage"> ## <summary>Policy controlling access to storage devices</summary> ######################################## -## <interface name="storage_getattr_fixed_disk"> -## <desc> -## Allow the caller to get the attributes of fixed disk -## device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to get the attributes of fixed disk +## device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_getattr_fixed_disk',` gen_require(` @@ -23,15 +20,13 @@ interface(`storage_getattr_fixed_disk',` ') ######################################## -## <interface name="storage_dontaudit_getattr_fixed_disk"> -## <desc> -## Do not audit attempts made by the caller to get -## the attributes of fixed disk device nodes. -## </desc> -## <param name="domain"> -## The type of the process to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts made by the caller to get +## the attributes of fixed disk device nodes. +## </desc> +## <param name="domain"> +## The type of the process to not audit. +## </param> # interface(`storage_dontaudit_getattr_fixed_disk',` gen_require(` 
@@ -43,15 +38,13 @@ interface(`storage_dontaudit_getattr_fixed_disk',` ') ######################################## -## <interface name="storage_setattr_fixed_disk"> -## <desc> -## Allow the caller to set the attributes of fixed disk -## device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to set the attributes of fixed disk +## device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_setattr_fixed_disk',` gen_require(` @@ -64,15 +57,13 @@ interface(`storage_setattr_fixed_disk',` ') ######################################## -## <interface name="storage_dontaudit_setattr_fixed_disk"> -## <desc> -## Do not audit attempts made by the caller to set -## the attributes of fixed disk device nodes. -## </desc> -## <param name="domain"> -## The type of the process to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts made by the caller to set +## the attributes of fixed disk device nodes. +## </desc> +## <param name="domain"> +## The type of the process to not audit. +## </param> # interface(`storage_dontaudit_setattr_fixed_disk',` gen_require(` 
@@ -84,17 +75,15 @@ interface(`storage_dontaudit_setattr_fixed_disk',` ') ######################################## -## <interface name="storage_raw_read_fixed_disk"> -## <desc> -## Allow the caller to directly read from a fixed disk. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read from a fixed disk. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_read_fixed_disk',` gen_require(` @@ -109,17 +98,15 @@ interface(`storage_raw_read_fixed_disk',` ') ######################################## -## <interface name="storage_raw_write_fixed_disk"> -## <desc> -## Allow the caller to directly write to a fixed disk. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly write to a fixed disk. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_write_fixed_disk',` gen_require(` 
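Review bot: The security warning in the new description of `storage_raw_read_fixed_disk` still reads `This is extremly dangerous`. Every description line is being rewritten here anyway, so correct it to `## This is extremely dangerous as it can bypass the`. The same misspelling is carried into the raw read/write descriptions for fixed disks, LVM volumes, generic SCSI and removable devices in the later storage.if hunks. A consistent, correctly spelled phrase is easier to grep for when auditing which domains were given raw device access.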
@@ -134,14 +121,12 @@ interface(`storage_raw_write_fixed_disk',` ') ######################################## -## <interface name="storage_create_fixed_disk"> -## <desc> -## Create block devices in /dev with the fixed disk type. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Create block devices in /dev with the fixed disk type. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_create_fixed_disk_dev_entry',` gen_require(` @@ -156,14 +141,12 @@ interface(`storage_create_fixed_disk_dev_entry',` ') ######################################## -## <interface name="storage_manage_fixed_disk"> -## <desc> -## Create, read, write, and delete fixed disk device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Create, read, write, and delete fixed disk device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_manage_fixed_disk',` gen_require(` 
@@ -178,17 +161,15 @@ interface(`storage_manage_fixed_disk',` ') ######################################## -## <interface name="storage_raw_read_lvm_volume"> -## <desc> -## Allow the caller to directly read from a logical volume. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read from a logical volume. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_read_lvm_volume',` gen_require(` @@ -203,17 +184,15 @@ interface(`storage_raw_read_lvm_volume',` ') ######################################## -## <interface name="storage_raw_write_lvm_volume"> -## <desc> -## Allow the caller to directly read from a logical volume. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read from a logical volume. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_write_lvm_volume',` gen_require(` 
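Review bot: The description added for `storage_raw_write_lvm_volume` says `Allow the caller to directly read from a logical volume.`, which is the text of the read interface above it. It should be `## Allow the caller to directly write to a logical volume.`. The same copy-paste slip is kept in the later `storage_write_tape_device` hunk (`Allow the caller to directly read`), and `storage_write_scsi_generic` describes writing "from any SCSI device" where "to" is meant. Documentation that presents a raw-write grant as a read makes it easy to hand the interface to a domain that should never modify the device. The interface bodies lie outside these hunks, so this goes by the interface names.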
@@ -228,15 +207,13 @@ interface(`storage_raw_write_lvm_volume',` ') ######################################## -## <interface name="storage_getattr_scsi_generic"> -## <desc> -## Allow the caller to get the attributes of -## the generic SCSI interface device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to get the attributes of +## the generic SCSI interface device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_getattr_scsi_generic',` gen_require(` @@ -249,15 +226,13 @@ interface(`storage_getattr_scsi_generic',` ') ######################################## -## <interface name="storage_setattr_scsi_generic"> -## <desc> -## Allow the caller to set the attributes of -## the generic SCSI interface device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to set the attributes of +## the generic SCSI interface device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_setattr_scsi_generic',` gen_require(` 
@@ -270,18 +245,16 @@ interface(`storage_setattr_scsi_generic',` ') ######################################## -## <interface name="storage_read_scsi_generic"> -## <desc> -## Allow the caller to directly read, in a -## generic fashion, from any SCSI device. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read, in a +## generic fashion, from any SCSI device. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_read_scsi_generic',` gen_require(` @@ -296,18 +269,16 @@ interface(`storage_read_scsi_generic',` ') ######################################## -## <interface name="storage_write_scsi_generic"> -## <desc> -## Allow the caller to directly write, in a -## generic fashion, from any SCSI device. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly write, in a +## generic fashion, from any SCSI device. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_write_scsi_generic',` gen_require(` 
@@ -322,15 +293,13 @@ interface(`storage_write_scsi_generic',` ') ######################################## -## <interface name="storage_getattr_scsi_generic"> -## <desc> -## Get attributes of the device nodes -## for the SCSI generic inerface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Get attributes of the device nodes +## for the SCSI generic inerface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_getattr_scsi_generic',` gen_require(` @@ -343,15 +312,13 @@ interface(`storage_getattr_scsi_generic',` ') ######################################## -## <interface name="storage_setattr_scsi_generic"> -## <desc> -## Set attributes of the device nodes -## for the SCSI generic inerface. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Set attributes of the device nodes +## for the SCSI generic inerface. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_set_scsi_generic_attributes',` gen_require(` @@ -364,15 +331,13 @@ interface(`storage_set_scsi_generic_attributes',` ') ######################################## -## <interface name="storage_getattr_removable_device"> -## <desc> -## Allow the caller to get the attributes of removable -## devices device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to get the attributes of removable +## devices device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_getattr_removable_device',` gen_require(` 
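Review bot: `storage_getattr_scsi_generic` is now documented twice in storage.if: the interface line after this description has the same name as the one in the earlier hunk at `-228,15 +207,13`. With the explicit `<interface name=...>` tags removed, only the macro name tells the two apart, and if both definitions remain, presumably only one takes effect when the macros are expanded. The following hunk has a related mismatch: its removed tag said `storage_setattr_scsi_generic`, but the interface is `storage_set_scsi_generic_attributes`. Consider dropping or renaming the duplicate pair. The bodies are outside the hunks, so it is not visible whether they differ.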
@@ -385,15 +350,13 @@ interface(`storage_getattr_removable_device',` ') ######################################## -## <interface name="storage_dontaudit_getattr_removable_device"> -## <desc> -## Do not audit attempts made by the caller to get -## the attributes of removable devices device nodes. -## </desc> -## <param name="domain"> -## The type of the process to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts made by the caller to get +## the attributes of removable devices device nodes. +## </desc> +## <param name="domain"> +## The type of the process to not audit. +## </param> # interface(`storage_dontaudit_getattr_removable_device',` gen_require(` @@ -405,15 +368,13 @@ interface(`storage_dontaudit_getattr_removable_device',` ') ######################################## -## <interface name="storage_setattr_removable_device"> -## <desc> -## Allow the caller to set the attributes of removable -## devices device nodes. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to set the attributes of removable +## devices device nodes. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_setattr_removable_device',` gen_require(` 
@@ -426,15 +387,13 @@ interface(`storage_setattr_removable_device',` ') ######################################## -## <interface name="storage_dontaudit_setattr_removable_device"> -## <desc> -## Do not audit attempts made by the caller to set -## the attributes of removable devices device nodes. -## </desc> -## <param name="domain"> -## The type of the process to not audit. -## </param> -## </interface> +## <desc> +## Do not audit attempts made by the caller to set +## the attributes of removable devices device nodes. +## </desc> +## <param name="domain"> +## The type of the process to not audit. +## </param> # interface(`storage_dontaudit_setattr_removable_device',` gen_require(` @@ -446,18 +405,16 @@ interface(`storage_dontaudit_setattr_removable_device',` ') ######################################## -## <interface name="storage_raw_read_removable_device"> -## <desc> -## Allow the caller to directly read from -## a removable device. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read from +## a removable device. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_read_removable_device',` gen_require(` 
@@ -470,18 +427,16 @@ interface(`storage_raw_read_removable_device',` ') ######################################## -## <interface name="storage_raw_write_removable_device"> -## <desc> -## Allow the caller to directly write to -## a removable device. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly write to +## a removable device. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_raw_write_removable_device',` gen_require(` @@ -494,15 +449,13 @@ interface(`storage_raw_write_removable_device',` ') ######################################## -## <interface name="storage_read_tape_device"> -## <desc> -## Allow the caller to directly read -## a tape device. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read +## a tape device. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_read_tape_device',` gen_require(` 
@@ -515,15 +468,13 @@ interface(`storage_read_tape_device',` ') ######################################## -## <interface name="storage_write_tape_device"> -## <desc> -## Allow the caller to directly read -## a tape device. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to directly read +## a tape device. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_write_tape_device',` gen_require(` @@ -536,15 +487,13 @@ interface(`storage_write_tape_device',` ') ######################################## -## <interface name="storage_getattr_tape_device"> -## <desc> -## Allow the caller to get the attributes -## of device nodes of tape devices. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to get the attributes +## of device nodes of tape devices. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_getattr_tape_device',` gen_require(` @@ -557,15 +506,13 @@ interface(`storage_getattr_tape_device',` ') ######################################## -## <interface name="storage_setattr_tape_device"> -## <desc> -## Allow the caller to set the attributes -## of device nodes of tape devices. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Allow the caller to set the attributes +## of device nodes of tape devices. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`storage_setattr_tape_device',` gen_require(` @@ -577,4 +524,3 @@ interface(`storage_setattr_tape_device',` allow $1 tape_device_t:blk_file setattr; ') -## </module> 
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if index 4fbefc2..0ef21f1 100644 --- a/refpolicy/policy/modules/kernel/terminal.if +++ b/refpolicy/policy/modules/kernel/terminal.if @@ -1,15 +1,12 @@ -## <module name="terminal"> ## <summary>Policy for terminals.</summary> ######################################## -## <interface name="term_pty"> -## <desc> -## Transform specified type into a pty type. -## </desc> -## <param name="pty_type"> -## An object type that will applied to a pty. -## </param> -## </interface> +## <desc> +## Transform specified type into a pty type. +## </desc> +## <param name="pty_type"> +## An object type that will applied to a pty. +## </param> # interface(`term_pty',` gen_require(` @@ -23,20 +20,18 @@ interface(`term_pty',` ') ######################################## -## <interface name="term_user_pty"> -## <desc> -## Transform specified type into an user -## pty type. This allows it to be relabeled via -## type change by login programs such as ssh. -## </desc> -## <param name="userdomain"> -## The type of the user domain associated with -## this pty. -## </param> -## <param name="object_type"> -## An object type that will applied to a pty. -## </param> -## </interface> +## <desc> +## Transform specified type into an user +## pty type. This allows it to be relabeled via +## type change by login programs such as ssh. +## </desc> +## <param name="userdomain"> +## The type of the user domain associated with +## this pty. +## </param> +## <param name="object_type"> +## An object type that will applied to a pty. +## </param> # interface(`term_user_pty',` gen_require(` 
@@ -48,15 +43,13 @@ interface(`term_user_pty',` ') ######################################## -## <interface name="term_login_pty"> -## <desc> -## Transform specified type into a pty type -## used by login programs, such as sshd. -## </desc> -## <param name="pty_type"> -## An object type that will applied to a pty. -## </param> -## </interface> +## <desc> +## Transform specified type into a pty type +## used by login programs, such as sshd. +## </desc> +## <param name="pty_type"> +## An object type that will applied to a pty. +## </param> # interface(`term_login_pty',` gen_require(` @@ -68,14 +61,12 @@ interface(`term_login_pty',` ') ######################################## -## <interface name="term_tty"> -## <desc> -## Transform specified type into a tty type. -## </desc> -## <param name="tty_type"> -## An object type that will applied to a tty. -## </param> -## </interface> +## <desc> +## Transform specified type into a tty type. +## </desc> +## <param name="tty_type"> +## An object type that will applied to a tty. +## </param> # interface(`term_tty',` gen_require(` @@ -98,17 +89,15 @@ interface(`term_tty',` ') ######################################## -## <interface name="term_create_pty"> -## <desc> -## Create a pty in the /dev/pts directory. -## </desc> -## <param name="domain"> -## The type of the process creating the pty. -## </param> -## <param name="pty_type"> -## The type of the pty. -## </param> -## </interface> +## <desc> +## Create a pty in the /dev/pts directory. +## </desc> +## <param name="domain"> +## The type of the process creating the pty. +## </param> +## <param name="pty_type"> +## The type of the pty. +## </param> # interface(`term_create_pty',` gen_require(` 
@@ -128,15 +117,13 @@ interface(`term_create_pty',`
 ')

 ########################################
-## <interface name="term_use_all_terms">
-## <desc>
-## Read and write the console, all
-## ttys and all ptys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write the console, all
+## ttys and all ptys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_all_terms',`
 gen_require(`
@@ -152,14 +139,12 @@ interface(`term_use_all_terms',`
 ')

 ########################################
-## <interface name="term_write_console">
-## <desc>
-## Write to the console.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Write to the console.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_write_console',`
 gen_require(`
@@ -172,14 +157,12 @@ interface(`term_write_console',`
 ')

 ########################################
-## <interface name="term_use_console">
-## <desc>
-## Read from and write to the console.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read from and write to the console.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_console',`
 gen_require(`
@@ -192,15 +175,13 @@ interface(`term_use_console',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_console">
-## <desc>
-## Do not audit attemtps to read from
-## or write to the console.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attemtps to read from
+## or write to the console.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_dontaudit_use_console',`
 gen_require(`
@@ -212,15 +193,13 @@ interface(`term_dontaudit_use_console',`
 ')

 ########################################
-## <interface name="term_setattr_console">
-## <desc>
-## Set the attributes of the console
-## device node.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Set the attributes of the console
+## device node.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_setattr_console',`
 gen_require(`
@@ -233,15 +212,13 @@ interface(`term_setattr_console',`
 ')

 ########################################
-## <interface name="term_list_ptys">
-## <desc>
-## Read the /dev/pts directory to
-## list all ptys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the /dev/pts directory to
+## list all ptys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_list_ptys',`
 gen_require(`
@@ -254,15 +231,13 @@ interface(`term_list_ptys',`
 ')

 ########################################
-## <interface name="term_dontaudit_list_ptys">
-## <desc>
-## Do not audit attempts to read the
-## /dev/pts directory to.
-## </desc>
-## <param name="domain">
-## The type of the process to not audit.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read the
+## /dev/pts directory to.
+## </desc>
+## <param name="domain">
+## The type of the process to not audit.
+## </param>
 #
 interface(`term_dontaudit_list_ptys',`
 gen_require(`
@@ -274,16 +249,14 @@ interface(`term_dontaudit_list_ptys',`
 ')

 ########################################
-## <interface name="term_use_generic_pty">
-## <desc>
-## Read and write the generic pty
-## type. This is generally only used in
-## the targeted policy.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write the generic pty
+## type. This is generally only used in
+## the targeted policy.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_generic_pty',`
 gen_require(`
@@ -296,16 +269,14 @@ interface(`term_use_generic_pty',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_generic_pty">
-## <desc>
-## Dot not audit attempts to read and
-## write the generic pty type. This is
-## generally only used in the targeted policy.
-## </desc>
-## <param name="domain">
-## The type of the process to not audit.
-## </param>
-## </interface>
+## <desc>
+## Dot not audit attempts to read and
+## write the generic pty type. This is
+## generally only used in the targeted policy.
+## </desc>
+## <param name="domain">
+## The type of the process to not audit.
+## </param>
 #
 interface(`term_dontaudit_use_generic_pty',`
 gen_require(`
@@ -317,15 +288,13 @@ interface(`term_dontaudit_use_generic_pty',`
 ')

 ########################################
-## <interface name="term_use_controlling_term">
-## <desc>
-## Read and write the controlling
-## terminal (/dev/tty).
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write the controlling
+## terminal (/dev/tty).
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_controlling_term',`
 gen_require(`
@@ -338,15 +307,13 @@ interface(`term_use_controlling_term',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_ptmx">
-## <desc>
-## Do not audit attempts to read and
-## write the pty multiplexor (/dev/ptmx).
-## </desc>
-## <param name="domain">
-## The type of the process to not audit.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read and
+## write the pty multiplexor (/dev/ptmx).
+## </desc>
+## <param name="domain">
+## The type of the process to not audit.
+## </param>
 #
 interface(`term_dontaudit_use_ptmx',`
 gen_require(`
@@ -358,15 +325,13 @@ interface(`term_dontaudit_use_ptmx',`
 ')

 ########################################
-## <interface name="term_getattr_all_user_ptys">
-## <desc>
-## Get the attributes of all user
-## pty device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Get the attributes of all user
+## pty device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_getattr_all_user_ptys',`
 gen_require(`
@@ -381,14 +346,12 @@ interface(`term_getattr_all_user_ptys',`
 ')

 ########################################
-## <interface name="term_use_all_user_ptys">
-## <desc>
-## Read and write all user ptys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write all user ptys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_all_user_ptys',`
 gen_require(`
@@ -403,15 +366,13 @@ interface(`term_use_all_user_ptys',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_all_user_ptys">
-## <desc>
-## Do not audit attempts to read any
-## user ptys.
-## </desc>
-## <param name="domain">
-## The type of the process to not audit.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read any
+## user ptys.
+## </desc>
+## <param name="domain">
+## The type of the process to not audit.
+## </param>
 #
 interface(`term_dontaudit_use_all_user_ptys',`
 gen_require(`
@@ -423,15 +384,13 @@ interface(`term_dontaudit_use_all_user_ptys',`
 ')

 ########################################
-## <interface name="term_relabel_all_user_ptys">
-## <desc>
-## Relabel from and to all user
-## user pty device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Relabel from and to all user
+## user pty device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_relabel_all_user_ptys',`
 gen_require(`
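Review bot: The description kept for `term_dontaudit_use_all_user_ptys` mentions only reads (`Do not audit attempts to read any user ptys.`), while the interface name says "use" and the tty counterpart at the end of this file documents "read or write" next to `dontaudit $1 ttynode:chr_file { read write };`. If the pty rule also covers write, the text understates which denials are kept out of the audit log, which matters to anyone reviewing what a domain's dontaudit rules hide. Suggested wording: `## Do not audit attempts to read or write any user ptys.` The interface body is outside the hunk, so the rule should be checked before the text is changed.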
@@ -444,15 +403,13 @@ interface(`term_relabel_all_user_ptys',`
 ')

 ########################################
-## <interface name="term_getattr_unallocated_ttys">
-## <desc>
-## Get the attributes of all unallocated
-## tty device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Get the attributes of all unallocated
+## tty device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_getattr_unallocated_ttys',`
 gen_require(`
@@ -465,15 +422,13 @@ interface(`term_getattr_unallocated_ttys',`
 ')

 ########################################
-## <interface name="term_setattr_unallocated_ttys">
-## <desc>
-## Set the attributes of all unallocated
-## tty device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Set the attributes of all unallocated
+## tty device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_setattr_unallocated_ttys',`
 gen_require(`
@@ -486,15 +441,13 @@ interface(`term_setattr_unallocated_ttys',`
 ')

 ########################################
-## <interface name="term_relabel_unallocated_ttys">
-## <desc>
-## Relabel from and to the unallocated
-## tty type.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Relabel from and to the unallocated
+## tty type.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_relabel_unallocated_ttys',`
 gen_require(`
@@ -507,15 +460,13 @@ interface(`term_relabel_unallocated_ttys',`
 ')

 ########################################
-## <interface name="term_reset_tty_labels">
-## <desc>
-## Relabel from all user tty types to
-## the unallocated tty type.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Relabel from all user tty types to
+## the unallocated tty type.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_reset_tty_labels',`
 gen_require(`
@@ -530,14 +481,12 @@ interface(`term_reset_tty_labels',`
 ')

 ########################################
-## <interface name="term_write_unallocated_ttys">
-## <desc>
-## Write to unallocated ttys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Write to unallocated ttys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_write_unallocated_ttys',`
 gen_require(`
@@ -550,14 +499,12 @@ interface(`term_write_unallocated_ttys',`
 ')

 ########################################
-## <interface name="term_use_unallocated_tty">
-## <desc>
-## Read and write unallocated ttys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write unallocated ttys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_unallocated_tty',`
 gen_require(`
@@ -570,15 +517,13 @@ interface(`term_use_unallocated_tty',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_unallocated_tty">
-## <desc>
-## Do not audit attempts to read or
-## write unallocated ttys.
-## </desc>
-## <param name="domain">
-## The type of the process to not audit.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read or
+## write unallocated ttys.
+## </desc>
+## <param name="domain">
+## The type of the process to not audit.
+## </param>
 #
 interface(`term_dontaudit_use_unallocated_tty',`
 gen_require(`
@@ -590,15 +535,13 @@ interface(`term_dontaudit_use_unallocated_tty',`
 ')

 ########################################
-## <interface name="term_getattr_all_user_ttys">
-## <desc>
-## Get the attributes of all user tty
-## device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Get the attributes of all user tty
+## device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_getattr_all_user_ttys',`
 gen_require(`
@@ -611,16 +554,14 @@ interface(`term_getattr_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_dontaudit_getattr_all_user_ttys">
-## <desc>
-## Do not audit attempts to get the
-## attributes of any user tty
-## device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to get the
+## attributes of any user tty
+## device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_dontaudit_getattr_all_user_ttys',`
 gen_require(`
@@ -633,15 +574,13 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_setattr_all_user_ttys">
-## <desc>
-## Set the attributes of all user tty
-## device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Set the attributes of all user tty
+## device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_setattr_all_user_ttys',`
 gen_require(`
@@ -654,15 +593,13 @@ interface(`term_setattr_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_relabel_all_user_ttys">
-## <desc>
-## Relabel from and to all user
-## user tty device nodes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Relabel from and to all user
+## user tty device nodes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_relabel_all_user_ttys',`
 gen_require(`
@@ -675,14 +612,12 @@ interface(`term_relabel_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_write_all_user_ttys">
-## <desc>
-## Write to all user ttys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Write to all user ttys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_write_all_user_ttys',`
 gen_require(`
@@ -695,14 +630,12 @@ interface(`term_write_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_use_all_user_ttys">
-## <desc>
-## Read and write all user to all user ttys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write all user to all user ttys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_use_all_user_ttys',`
 gen_require(`
@@ -715,15 +648,13 @@ interface(`term_use_all_user_ttys',`
 ')

 ########################################
-## <interface name="term_dontaudit_use_all_user_ttys">
-## <desc>
-## Do not audit attempts to read or write
-## any user ttys.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read or write
+## any user ttys.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`term_dontaudit_use_all_user_ttys',`
 gen_require(`
@@ -734,4 +665,3 @@ interface(`term_dontaudit_use_all_user_ttys',`
 dontaudit $1 ttynode:chr_file { read write };
 ')

-## </module>
diff --git a/refpolicy/policy/modules/services/metadata.xml b/refpolicy/policy/modules/services/metadata.xml
index a6814b8..e69de29 100644
--- a/refpolicy/policy/modules/services/metadata.xml
+++ b/refpolicy/policy/modules/services/metadata.xml
@@ -1 +0,0 @@
-<layer name="services">
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index a48d3f4..7dd5c68 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -1,4 +1,3 @@
-## <module name="mta">
 ## <summary>Policy common to all email tranfer agents.</summary>

 #######################################
@@ -194,14 +193,12 @@ interface(`mta_exec',`
 ')

 ########################################
-## <interface name="mta_read_aliases">
-## <desc>
-## Read mail address aliases.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read mail address aliases.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`mta_read_aliases',`
 gen_require(`
@@ -293,4 +290,3 @@ interface(`mta_manage_queue',`
 allow $1 mqueue_spool_t:file create_file_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/services/remotelogin.if b/refpolicy/policy/modules/services/remotelogin.if
index 064d244..d25467a 100644
--- a/refpolicy/policy/modules/services/remotelogin.if
+++ b/refpolicy/policy/modules/services/remotelogin.if
@@ -1,15 +1,12 @@
-## <module name="remotelogin">
 ## <summary>Policy for rshd, rlogind, and telnetd.</summary>

 ########################################
-## <interface name="remotelogin_domtrans">
-## <desc>
-## Domain transition to the remote login domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Domain transition to the remote login domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`remotelogin_domtrans',`
 gen_require(`
@@ -19,4 +16,3 @@ interface(`remotelogin_domtrans',`
 auth_domtrans_login_program($1,remote_login_t)
 ')

-## </module>
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 6a3d98d..8923bb3 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -1,15 +1,12 @@
-## <module name="sendmail">
 ## <summary>Policy for sendmail.</summary>

 ########################################
-## <interface name="sendmail_domtrans">
-## <desc>
-## Domain transition to sendmail.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Domain transition to sendmail.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`sendmail_domtrans',`
 gen_require(`
@@ -29,4 +26,3 @@ interface(`sendmail_domtrans',`
 allow sendmail_t $1:process sigchld;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 567032a..573068f 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -1,4 +1,3 @@
-## <module name="authlogin">
 ## <summary>Common policy for authentication and user login.</summary>

 #######################################
@@ -89,14 +88,12 @@ interface(`authlogin_per_userdomain_template',`
 ') dnl end authlogin_per_userdomain_template

 ########################################
-## <interface name="auth_login_entry_type">
-## <desc>
-## Use the login program as an entry point program.
-## </desc>
-## <param name="domain">
-## The type of process using the login program as entry point.
-## </param>
-## </interface>
+## <desc>
+## Use the login program as an entry point program.
+## </desc>
+## <param name="domain">
+## The type of process using the login program as entry point.
+## </param>
 #
 interface(`auth_login_entry_type',`
 gen_require(`
@@ -107,17 +104,15 @@ interface(`auth_login_entry_type',`
 ')

 ########################################
-## <interface name="auth_domtrans_login_program">
-## <desc>
-## Execute a login_program in the target domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="target_domain">
-## The type of the login_program process.
-## </param>
-## </interface>
+## <desc>
+## Execute a login_program in the target domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="target_domain">
+## The type of the login_program process.
+## </param>
 #
 interface(`auth_domtrans_login_program',`
 gen_require(`
@@ -137,14 +132,12 @@ interface(`auth_domtrans_login_program',`
 ')

 ########################################
-## <interface name="auth_domtrans_chk_passwd">
-## <desc>
-## Run unix_chkpwd to check a password.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Run unix_chkpwd to check a password.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_domtrans_chk_passwd',`
 gen_require(`
@@ -181,14 +174,12 @@ interface(`auth_domtrans_chk_passwd',`
 ')

 ########################################
-## <interface name="auth_dontaudit_getattr_shadow">
-## <desc>
-##
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+##
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_dontaudit_getattr_shadow',`
 gen_require(`
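Review bot: The `<desc>` of `auth_dontaudit_getattr_shadow` is still empty after the re-indent (a bare `##` between `<desc>` and `</desc>`), so the documentation for this interface says nothing about what it suppresses. A dontaudit rule on the shadow password file keeps denied access attempts out of the audit log, which is exactly the kind of interface a reviewer needs described. Going by the name, something like `## Do not audit attempts to get the attributes of the shadow passwords file (/etc/shadow).` would fit, and the param text could follow the other dontaudit interfaces with `## The type of the domain to not audit.` The interface body is outside the hunk, so the wording should be confirmed against the actual rule.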
@@ -200,14 +191,12 @@ interface(`auth_dontaudit_getattr_shadow',`
 ')

 ########################################
-## <interface name="auth_read_shadow">
-## <desc>
-## Read the shadow passwords file (/etc/shadow)
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the shadow passwords file (/etc/shadow)
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_read_shadow',`
 gen_require(`
@@ -222,15 +211,13 @@ interface(`auth_read_shadow',`
 ')

 ########################################
-## <interface name="auth_dontaudit_read_shadow">
-## <desc>
-## Do not audit attempts to read the shadow
-## password file (/etc/shadow).
-## </desc>
-## <param name="domain">
-## The type of the domain to not audit.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read the shadow
+## password file (/etc/shadow).
+## </desc>
+## <param name="domain">
+## The type of the domain to not audit.
+## </param>
 #
 interface(`auth_dontaudit_read_shadow',`
 gen_require(`
@@ -242,14 +229,12 @@ interface(`auth_dontaudit_read_shadow',`
 ')

 ########################################
-## <interface name="auth_rw_shadow">
-## <desc>
-## Read and write the shadow password file (/etc/shadow).
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write the shadow password file (/etc/shadow).
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_rw_shadow',`
 gen_require(`
@@ -325,14 +310,12 @@ interface(`auth_rw_lastlog',`
 ')

 ########################################
-## <interface name="auth_domtrans_pam">
-## <desc>
-## Execute pam programs in the pam domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute pam programs in the pam domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_domtrans_pam',`
 gen_require(`
@@ -351,20 +334,18 @@ interface(`auth_domtrans_pam',`
 ')

 ########################################
-## <interface name="auth_run_pam">
-## <desc>
-## Execute pam programs in the PAM domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to allow the PAM domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the PAM domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute pam programs in the PAM domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to allow the PAM domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the PAM domain to use.
+## </param>
 #
 interface(`auth_run_pam',`
 gen_require(`
@@ -378,14 +359,12 @@ interface(`auth_run_pam',`
 ')

 ########################################
-## <interface name="auth_exec_pam">
-## <desc>
-## Execute the pam program.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute the pam program.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_exec_pam',`
 gen_require(`
@@ -413,14 +392,12 @@ interface(`auth_read_pam_pid',`
 ')

 ########################################
-## <interface name="auth_delete_pam_pid">
-## <desc>
-## Delete pam PID files.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Delete pam PID files.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_delete_pam_pid',`
 gen_require(`
@@ -507,19 +484,17 @@ interface(`auth_manage_pam_console_data',`
 ')

 ########################################
-## <interface name="auth_relabel_all_files_except_shadow">
-## <desc>
-## Relabel all files on the filesystem, except
-## the shadow passwords and listed exceptions.
-## </desc>
-## <param name="domain">
-## The type of the domain perfoming this action.
-## </param>
-## <param name="exception_types" optional="true">
-## The types to be excluded. Each type or attribute
-## must be negated by the caller.
-## </param>
-## </interface>
+## <desc>
+## Relabel all files on the filesystem, except
+## the shadow passwords and listed exceptions.
+## </desc>
+## <param name="domain">
+## The type of the domain perfoming this action.
+## </param>
+## <param name="exception_types" optional="true">
+## The types to be excluded. Each type or attribute
+## must be negated by the caller.
+## </param>
 #
 interface(`auth_relabel_all_files_except_shadow',`

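Review bot: The `exception_types` text in `auth_relabel_all_files_except_shadow` (`Each type or attribute must be negated by the caller.`) never shows what a negated argument looks like, and the same applies to the `auth_manage_all_files_except_shadow` hunk that follows. These interfaces are documented as covering every file except the listed ones, so a caller who gets the form wrong presumably does not end up with the exclusion they intended; the body is outside the hunk, so that is an inference. Extending the sentence to `## must be negated by the caller (for example, -example_t).` would help, where `example_t` is a made-up placeholder type. The `perfoming` typo in both `domain` params could be corrected to `performing` in the same pass.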
@@ -531,19 +506,17 @@ interface(`auth_relabel_all_files_except_shadow',`
 ')

 ########################################
-## <interface name="auth_manage_all_files_except_shadow">
-## <desc>
-## Manage all files on the filesystem, except
-## the shadow passwords and listed exceptions.
-## </desc>
-## <param name="domain">
-## The type of the domain perfoming this action.
-## </param>
-## <param name="exception_types" optional="true">
-## The types to be excluded. Each type or attribute
-## must be negated by the caller.
-## </param>
-## </interface>
+## <desc>
+## Manage all files on the filesystem, except
+## the shadow passwords and listed exceptions.
+## </desc>
+## <param name="domain">
+## The type of the domain perfoming this action.
+## </param>
+## <param name="exception_types" optional="true">
+## The types to be excluded. Each type or attribute
+## must be negated by the caller.
+## </param>
 #
 interface(`auth_manage_all_files_except_shadow',`

@@ -555,14 +528,12 @@ interface(`auth_manage_all_files_except_shadow',`
 ')

 ########################################
-## <interface name="auth_domtrans_utempter">
-## <desc>
-## Execute utempter programs in the utempter domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute utempter programs in the utempter domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`auth_domtrans_utempter',`
 gen_require(`
@@ -581,20 +552,18 @@ interface(`auth_domtrans_utempter',`
 ')

 ########################################
-## <interface name="auth_run_utempter">
-## <desc>
-## Execute utempter programs in the utempter domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to allow the utempter domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the utempter domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute utempter programs in the utempter domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to allow the utempter domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the utempter domain to use.
+## </param>
 #
 interface(`auth_run_utempter',`
 gen_require(`
@@ -648,4 +617,3 @@ interface(`auth_rw_login_records',`
 logging_search_logs($1)
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if
index 3e9f853..cb254ac 100644
--- a/refpolicy/policy/modules/system/clock.if
+++ b/refpolicy/policy/modules/system/clock.if
@@ -1,15 +1,12 @@
-## <module name="clock">
 ## <summary>Policy for reading and setting the hardware clock.</summary>

 ########################################
-## <interface name="clock_domtrans">
-## <desc>
-## Execute hwclock in the clock domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute hwclock in the clock domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`clock_domtrans',`
 gen_require(`
@@ -27,21 +24,19 @@ interface(`clock_domtrans',`
 ')

 ########################################
-## <interface name="clock_run">
-## <desc>
-## Execute hwclock in the clock domain, and
-## allow the specified role the hwclock domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the clock domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the clock domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute hwclock in the clock domain, and
+## allow the specified role the hwclock domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the clock domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the clock domain to use.
+## </param>
 #
 interface(`clock_run',`
 gen_require(`
@@ -55,14 +50,12 @@ interface(`clock_run',`
 ')

 ########################################
-## <interface name="clock_exec">
 ## <desc>
 ## Execute hwclock
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`clock_exec',`
 gen_require(`
@@ -73,14 +66,12 @@ interface(`clock_exec',`
 ')

 ########################################
-## <interface name="clock_rw_adjtime">
 ## <desc>
 ## Allow executing domain to modify clock drift
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`clock_rw_adjtime',`
 gen_require(`
@@ -92,4 +83,3 @@ interface(`clock_rw_adjtime',`
 files_list_etc($1)
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if
index 5496e11..f5ddc8f 100644
--- a/refpolicy/policy/modules/system/corecommands.if
+++ b/refpolicy/policy/modules/system/corecommands.if
@@ -1,7 +1,6 @@
-## <module name="corecommands">
 ## <summary>
-## Core policy for shells, and generic programs
-## in /bin, /sbin, /usr/bin, and /usr/sbin.
+## Core policy for shells, and generic programs
+## in /bin, /sbin, /usr/bin, and /usr/sbin.
 ## </summary>
 #######################################
@@ -148,19 +147,17 @@ interface(`corecmd_exec_ls',`
 ')
 ########################################
-## <interface name="corecmd_shell_spec_domtrans">
-## <desc>
-## Execute a shell in the target domain. This
-## is an explicit transition, requiring the
-## caller to use setexeccon().
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="target_domain">
-## The type of the shell process.
-## </param>
-## </interface>
+## <desc>
+## Execute a shell in the target domain. This
+## is an explicit transition, requiring the
+## caller to use setexeccon().
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="target_domain">
+## The type of the shell process.
+## </param>
 #
 interface(`corecmd_shell_spec_domtrans',`
 gen_require(`
@@ -184,17 +181,15 @@ interface(`corecmd_shell_spec_domtrans',`
 ')
 ########################################
-## <interface name="corecmd_domtrans_shell">
-## <desc>
-## Execute a shell in the target domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="target_domain">
-## The type of the shell process.
-## </param>
-## </interface>
+## <desc>
+## Execute a shell in the target domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="target_domain">
+## The type of the shell process.
+## </param>
 #
 interface(`corecmd_domtrans_shell',`
 gen_require(`
@@ -219,4 +214,3 @@ interface(`corecmd_chroot_exec_chroot',`
 allow $1 self:capability sys_chroot;
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index 3be9174..b77214b 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -1,4 +1,3 @@
-## <module name="domain">
 ## <summary>Core policy for domains.</summary>
 ########################################
@@ -92,15 +91,13 @@ interface(`domain_dyntrans_type',`
 ')
 ########################################
-## <interface name="domain_subj_id_change_exempt">
-## <desc>
-## Makes caller an exception to the constraint preventing
-## changing of user identity.
-## </desc>
-## <param name="domain">
-## The process type to make an exception to the constraint.
-## </param>
-## </interface>
+## <desc>
+## Makes caller an exception to the constraint preventing
+## changing of user identity.
+## </desc>
+## <param name="domain">
+## The process type to make an exception to the constraint.
+## </param>
 #
 interface(`domain_subj_id_change_exempt',`
 gen_require(`
@@ -111,15 +108,13 @@ interface(`domain_subj_id_change_exempt',`
 ')
 ########################################
-## <interface name="domain_role_change_exempt">
-## <desc>
-## Makes caller an exception to the constraint preventing
-## changing of role.
-## </desc>
-## <param name="domain">
-## The process type to make an exception to the constraint.
-## </param>
-## </interface>
+## <desc>
+## Makes caller an exception to the constraint preventing
+## changing of role.
+## </desc>
+## <param name="domain">
+## The process type to make an exception to the constraint.
+## </param>
 #
 interface(`domain_role_change_exempt',`
 gen_require(`
@@ -130,15 +125,13 @@ interface(`domain_role_change_exempt',`
 ')
 ########################################
-## <interface name="domain_obj_id_change_exempt">
-## <desc>
-## Makes caller an exception to the constraint preventing
-## changing the user identity in object contexts.
-## </desc>
-## <param name="domain">
-## The process type to make an exception to the constraint.
-## </param>
-## </interface>
+## <desc>
+## Makes caller an exception to the constraint preventing
+## changing the user identity in object contexts.
+## </desc>
+## <param name="domain">
+## The process type to make an exception to the constraint.
+## </param>
 #
 interface(`domain_obj_id_change_exempt',`
 gen_require(`
@@ -188,14 +181,12 @@ interface(`domain_setpriority_all_domains',`
 ')
 ########################################
-## <interface name="domain_signal_all_domains">
-## <desc>
-## Send general signals to all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Send general signals to all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_signal_all_domains',`
 gen_require(`
@@ -207,14 +198,12 @@ interface(`domain_signal_all_domains',`
 ')
 ########################################
-## <interface name="domain_signull_all_domains">
-## <desc>
-## Send a null signal to all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Send a null signal to all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_signull_all_domains',`
 gen_require(`
@@ -226,14 +215,12 @@ interface(`domain_signull_all_domains',`
 ')
 ########################################
-## <interface name="domain_sigstop_all_domains">
-## <desc>
-## Send a stop signal to all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Send a stop signal to all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_sigstop_all_domains',`
 gen_require(`
@@ -245,14 +232,12 @@ interface(`domain_sigstop_all_domains',`
 ')
 ########################################
-## <interface name="domain_sigchld_all_domains">
-## <desc>
-## Send a child terminated signal to all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Send a child terminated signal to all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_sigchld_all_domains',`
 gen_require(`
@@ -264,14 +249,12 @@ interface(`domain_sigchld_all_domains',`
 ')
 ########################################
-## <interface name="domain_kill_all_domains">
-## <desc>
-## Send a kill signal to all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Send a kill signal to all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_kill_all_domains',`
 gen_require(`
@@ -285,14 +268,12 @@ interface(`domain_kill_all_domains',`
 ')
 ########################################
-## <interface name="domain_read_all_domains_state">
-## <desc>
-## Read the process state (/proc/pid) of all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the process state (/proc/pid) of all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_read_all_domains_state',`
 gen_require(`
@@ -316,15 +297,13 @@ interface(`domain_read_all_domains_state',`
 ')
 ########################################
-## <interface name="domain_dontaudit_list_all_domains_proc">
-## <desc>
-## Do not audit attempts to read the process state
-## directories of all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to read the process state
+## directories of all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_dontaudit_list_all_domains_proc',`
 gen_require(`
@@ -336,14 +315,12 @@ interface(`domain_dontaudit_list_all_domains_proc',`
 ')
 ########################################
-## <interface name="domain_getsession_all_domains">
-## <desc>
-## Get the session ID of all domains.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Get the session ID of all domains.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_getsession_all_domains',`
 gen_require(`
@@ -355,15 +332,13 @@ interface(`domain_getsession_all_domains',`
 ')
 ########################################
-## <interface name="domain_dontaudit_getattr_all_udp_sockets">
-## <desc>
-## Do not audit attempts to get the attributes
-## of all domains UDP sockets.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to get the attributes
+## of all domains UDP sockets.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_dontaudit_getattr_all_udp_sockets',`
 gen_require(`
@@ -375,15 +350,13 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
 ')
 ########################################
-## <interface name="domain_dontaudit_getattr_all_tcp_sockets">
-## <desc>
-## Do not audit attempts to get the attributes
-## of all domains TCP sockets.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to get the attributes
+## of all domains TCP sockets.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_dontaudit_getattr_all_tcp_sockets',`
 gen_require(`
@@ -395,15 +368,13 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
 ')
 ########################################
-## <interface name="domain_dontaudit_getattr_all_unix_dgram_sockets">
-## <desc>
-## Do not audit attempts to get the attributes
-## of all domains unix datagram sockets.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to get the attributes
+## of all domains unix datagram sockets.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
 gen_require(`
@@ -415,15 +386,13 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
 ')
 ########################################
-## <interface name="domain_dontaudit_getattr_all_unnamed_pipes">
-## <desc>
-## Do not audit attempts to get the attributes
-## of all domains unnamed pipes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to get the attributes
+## of all domains unnamed pipes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
 gen_require(`
@@ -461,7 +430,6 @@ interface(`domain_read_all_entry_files',`
 allow $1 entry_type:file r_file_perms;
 ')
-## </module>
 #
 # These next macros are not interfaces, but actually are
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 53fc9d3..1bddf1d 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1,19 +1,18 @@
-## <module name="files">
 ## <summary>
-## Basic filesystem types and interfaces.
+## Basic filesystem types and interfaces.
 ## </summary>
 ## <desc>
-## <p>
-## This module contains basic filesystem types and interfaces. This
-## includes:
-## <ul>
-## <li>The concept of different file types including basic
-## files, mount points, tmp files, etc.</li>
-## <li>Access to groups of files and all files.</li>
-## <li>Types and interfaces for the basic filesystem layout
-## (/, /etc, /tmp, /usr, etc.).</li>
-## </ul>
-## </p>
+## <p>
+## This module contains basic filesystem types and interfaces. This
+## includes:
+## <ul>
+## <li>The concept of different file types including basic
+## files, mount points, tmp files, etc.</li>
+## <li>Access to groups of files and all files.</li>
+## <li>Types and interfaces for the basic filesystem layout
+## (/, /etc, /tmp, /usr, etc.).</li>
+## </ul>
+## </p>
 ## </desc>
 ########################################
@@ -83,15 +82,13 @@ interface(`files_tmp_file',`
 ')
 ########################################
-## <interface name="files_tmpfs_file">
-## <desc>
-## Transform the type into a file, for use on a
-## virtual memory filesystem (tmpfs).
-## </desc>
-## <param name="type">
-## The type to be transformed.
-## </param>
-## </interface>
+## <desc>
+## Transform the type into a file, for use on a
+## virtual memory filesystem (tmpfs).
+## </desc>
+## <param name="type">
+## The type to be transformed.
+## </param>
 #
 interface(`files_tmpfs_file',`
 gen_require(`
@@ -125,19 +122,17 @@ interface(`files_getattr_all_files',`
 ')
 ########################################
-## <interface name="files_relabel_all_files">
-## <desc>
-## Relabel all files on the filesystem, except
-## the listed exceptions.
-## </desc>
-## <param name="domain">
-## The type of the domain perfoming this action.
-## </param>
-## <param name="exception_types" optional="true">
-## The types to be excluded. Each type or attribute
-## must be negated by the caller.
-## </param>
-## </interface>
+## <desc>
+## Relabel all files on the filesystem, except
+## the listed exceptions.
+## </desc>
+## <param name="domain">
+## The type of the domain perfoming this action.
+## </param>
+## <param name="exception_types" optional="true">
+## The types to be excluded. Each type or attribute
+## must be negated by the caller.
+## </param>
 #
 interface(`files_relabel_all_files',`
 gen_require(`
@@ -164,19 +159,17 @@ interface(`files_relabel_all_files',`
 ')
 ########################################
-## <interface name="files_manage_all_files">
-## <desc>
-## Manage all files on the filesystem, except
-## the listed exceptions.
-## </desc>
-## <param name="domain">
-## The type of the domain perfoming this action.
-## </param>
-## <param name="exception_types" optional="true">
-## The types to be excluded. Each type or attribute
-## must be negated by the caller.
-## </param>
-## </interface>
+## <desc>
+## Manage all files on the filesystem, except
+## the listed exceptions.
+## </desc>
+## <param name="domain">
+## The type of the domain perfoming this action.
+## </param>
+## <param name="exception_types" optional="true">
+## The types to be excluded. Each type or attribute
+## must be negated by the caller.
+## </param>
 #
 interface(`files_manage_all_files',`
 gen_require(`
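Review bot: The re-added docs for files_relabel_all_files and files_manage_all_files say each `exception_types` entry `must be negated by the caller`, but they neither show the negated form nor state what is granted when the optional parameter is omitted. For interfaces this broad that gap matters: a bare type name would presumably not be excluded at all, although both bodies lie outside the hunks, so this is inferred. I would extend the param text with one line giving the form, e.g. `## Negate each entry with a leading minus, e.g. -example_file_t.` (constructed name), and a second line saying that with no exceptions the access covers every file type. Both hunks also carry over the typo `perfoming`, which should read `performing`.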
@@ -306,25 +299,23 @@ interface(`files_list_root',`
 ')
 ########################################
-## <interface name="files_create_root">
-## <desc>
-## Create an object in the root directory, with a private
-## type. If no object class is specified, the
-## default is file.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="private type" optional="true">
-## The type of the object to be created. If no type
-## is specified, the type of the root directory will
-## be used.
-## </param>
-## <param name="object" optional="true">
-## The object class of the object being created. If
-## no class is specified, file will be used.
-## </param>
-## </interface>
+## <desc>
+## Create an object in the root directory, with a private
+## type. If no object class is specified, the
+## default is file.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="private type" optional="true">
+## The type of the object to be created. If no type
+## is specified, the type of the root directory will
+## be used.
+## </param>
+## <param name="object" optional="true">
+## The object class of the object being created. If
+## no class is specified, file will be used.
+## </param>
 #
 interface(`files_create_root',`
 gen_require(`
@@ -498,14 +489,12 @@ interface(`files_manage_generic_etc_files',`
 ')
 ########################################
-## <interface name="files_delete_generic_etc_files">
-## <desc>
-## Delete system configuration files in /etc.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Delete system configuration files in /etc.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_delete_generic_etc_files',`
 gen_require(`
@@ -642,14 +631,12 @@ interface(`files_dontaudit_search_isid_type_dir',`
 ')
 ########################################
-## <interface name="files_list_home">
-## <desc>
-## Get listing home home directories.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Get listing home home directories.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_list_home',`
 gen_require(`
@@ -743,14 +730,12 @@ interface(`files_read_usr_files',`
 ')
 ########################################
-## <interface name="files_exec_usr_files">
-## <desc>
-## Execute programs in /usr/src in the caller domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute programs in /usr/src in the caller domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_exec_usr_files',`
 gen_require(`
@@ -810,14 +795,12 @@ interface(`files_dontaudit_search_var',`
 ')
 ########################################
-## <interface name="files_search_var_lib">
-## <desc>
-## Search the /var/lib directory.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Search the /var/lib directory.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_search_var_lib',`
 gen_require(`
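Review bot: The re-added description in the files_list_home hunk, `Get listing home home directories.`, has a duplicated word and does not say which directory is listed. Something like `## List the contents of the home directories root (/home).` would be clearer, though the body is outside the hunk. The wording should therefore be checked against the type the interface actually grants access to.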
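Review bot: The re-added description for files_exec_usr_files, `Execute programs in /usr/src in the caller domain.`, does not match the interface name and looks copied from a /usr/src interface. If the grant really covers generic files under /usr, a policy author reading the doc would expect a much narrower execute permission than they get. I would change it to `## Execute generic programs in /usr in the caller domain.` after confirming the type used in the body, which lies outside this hunk.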
@@ -987,14 +970,12 @@ interface(`files_rw_generic_pids',`
 ')
 ########################################
-## <interface name="files_dontaudit_write_all_pids">
-## <desc>
-## Do not audit attempts to write to daemon runtime data files.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to write to daemon runtime data files.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_dontaudit_write_all_pids',`
 gen_require(`
@@ -1006,14 +987,12 @@ interface(`files_dontaudit_write_all_pids',`
 ')
 ########################################
-## <interface name="files_dontaudit_ioctl_all_pids">
-## <desc>
-## Do not audit attempts to ioctl daemon runtime data files.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit attempts to ioctl daemon runtime data files.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`files_dontaudit_ioctl_all_pids',`
 gen_require(`
@@ -1123,4 +1102,3 @@ interface(`files_manage_spools',`
 allow $1 var_spool_t:file create_file_perms;
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if
index a1d895f..dd1ec0e 100644
--- a/refpolicy/policy/modules/system/getty.if
+++ b/refpolicy/policy/modules/system/getty.if
@@ -1,15 +1,12 @@
-## <module name="getty">
 ## <summary>Policy for getty.</summary>
 ########################################
-## <interface name="getty_domtrans">
 ## <desc>
 ## Execute gettys in the getty domain.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`getty_domtrans',`
 gen_require(`
@@ -29,14 +26,12 @@ interface(`getty_domtrans',`
 ')
 ########################################
-## <interface name="getty_read_log">
 ## <desc>
 ## Allow process to read getty log file.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`getty_read_log',`
 gen_require(`
@@ -49,14 +44,12 @@ interface(`getty_read_log',`
 ')
 ########################################
-## <interface name="getty_read_config">
 ## <desc>
 ## Allow process to read getty config file.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`getty_read_config',`
 gen_require(`
@@ -69,14 +62,12 @@ interface(`getty_read_config',`
 ')
 ########################################
-## <interface name="getty_modify_config">
 ## <desc>
 ## Allow process to edit getty config file.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`getty_modify_config',`
 gen_require(`
@@ -88,4 +79,3 @@ interface(`getty_modify_config',`
 allow $1 getty_etc_t:file rw_file_perms;
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
index 52cdcca..622cc90 100644
--- a/refpolicy/policy/modules/system/hostname.if
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -1,16 +1,13 @@
-## <module name="hostname">
 ## <summary>Policy for changing the system host name.</summary>
 ########################################
-## <interface name="hostname_domtrans">
-## <desc>
-## Execute hostname in the hostname domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## Has a sigchld signal backchannel.
-## </param>
-## </interface>
+## <desc>
+## Execute hostname in the hostname domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## Has a sigchld signal backchannel.
+## </param>
 #
 interface(`hostname_domtrans',`
 gen_require(`
@@ -30,22 +27,20 @@ interface(`hostname_domtrans',`
 ')
 ########################################
-## <interface name="hostname_run">
-## <desc>
-## Execute hostname in the hostname domain, and
-## allow the specified role the hostname domain.
-## Has a sigchld signal backchannel.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the hostname domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the hostname domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute hostname in the hostname domain, and
+## allow the specified role the hostname domain.
+## Has a sigchld signal backchannel.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the hostname domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the hostname domain to use.
+## </param>
 #
 interface(`hostname_run',`
 gen_require(`
@@ -59,7 +54,6 @@ interface(`hostname_run',`
 ')
 ########################################
-## <interface name="hostname_exec">
 ## <desc>
 ## Execute hostname in the hostname domain, and
 ## Has a sigchld signal backchannel.
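Review bot: The description kept for hostname_exec in the last hunk here, `Execute hostname in the hostname domain, and` followed by `Has a sigchld signal backchannel.`, contradicts the body shown in the final hostname.if hunk, which is only `can_exec($1,hostname_exec_t)`. The iptables_exec hunk in this diff has the same can_exec form and is documented as running `in the caller domain`, so this text would lead a policy author to assume a confining transition that does not happen. I would replace the two lines with `## Execute hostname in the caller domain.` The desc block closes outside this hunk.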
@@ -67,7 +61,6 @@ interface(`hostname_run',`
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`hostname_exec',`
 gen_require(`
@@ -77,4 +70,3 @@ interface(`hostname_exec',`
 can_exec($1,hostname_exec_t)
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if
index 842f950..64c18a7 100644
--- a/refpolicy/policy/modules/system/hotplug.if
+++ b/refpolicy/policy/modules/system/hotplug.if
@@ -1,7 +1,6 @@
-## <module name="hotplug">
 ## <summary>
-## Policy for hotplug system, for supporting the
-## connection and disconnection of devices at runtime.
+## Policy for hotplug system, for supporting the
+## connection and disconnection of devices at runtime.
 ## </summary>
 #######################################
@@ -78,14 +77,12 @@ interface(`hotplug_dontaudit_search_config',`
 ')
 ########################################
-## <interface name="hotplug_read_config">
-## <desc>
-## Read the configuration files for hotplug.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the configuration files for hotplug.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`hotplug_read_config',`
 gen_require(`
@@ -101,4 +98,3 @@ interface(`hotplug_read_config',`
 allow $1 hotplug_etc_t:lnk_file r_file_perms;
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index c7ecd2d..d56ece0 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -1,4 +1,3 @@
-## <module name="init">
 ## <summary>System initialization programs (init and init scripts).</summary>
 ########################################
@@ -260,14 +259,12 @@ interface(`init_exec_script',`
 ')
 ########################################
-## <interface name="init_read_script_process_state">
-## <desc>
-## Read the process state (/proc/pid) of the init scripts.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the process state (/proc/pid) of the init scripts.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`init_read_script_process_state',`
 gen_require(`
@@ -330,14 +327,12 @@ interface(`init_get_script_process_group',`
 ')
 ########################################
-## <interface name="init_rw_script_pipe">
-## <desc>
-## Read and write init script unnamed pipes.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write init script unnamed pipes.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`init_rw_script_pipe',`
 gen_require(`
@@ -376,14 +371,12 @@ interface(`init_dontaudit_use_script_pty',`
 ')
 ########################################
-## <interface name="init_rw_script_tmp_files">
-## <desc>
-## Read and write init script temporary data.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read and write init script temporary data.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`init_rw_script_tmp_files',`
 gen_require(`
@@ -449,4 +442,3 @@ interface(`init_dontaudit_rw_script_pid',`
 dontaudit $1 initrc_var_run_t:file { getattr read write append };
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index d8783d0..23d55fa 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -1,15 +1,12 @@
-## <module name="iptables">
 ## <summary>Policy for iptables.</summary>
 ########################################
-## <interface name="iptables_domtrans">
-## <desc>
-## Execute iptables in the iptables domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute iptables in the iptables domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`iptables_domtrans',`
 gen_require(`
@@ -29,21 +26,19 @@ interface(`iptables_domtrans',`
 ')
 ########################################
-## <interface name="iptables_run">
-## <desc>
-## Execute iptables in the iptables domain, and
-## allow the specified role the iptables domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the iptables domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the iptables domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute iptables in the iptables domain, and
+## allow the specified role the iptables domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the iptables domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the iptables domain to use.
+## </param>
 #
 interface(`iptables_run',`
 gen_require(`
@@ -57,14 +52,12 @@ interface(`iptables_run',`
 ')
 ########################################
-## <interface name="iptables_exec">
-## <desc>
-## Execute iptables in the caller domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute iptables in the caller domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`iptables_exec',`
 gen_require(`
@@ -75,4 +68,3 @@ interface(`iptables_exec',`
 can_exec($1,iptables_exec_t)
 ')
-## </module>
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index 08449e0..06145f6 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -1,15 +1,12 @@
-## <module name="libraries">
 ## <summary>Policy for system libraries.</summary>
 ########################################
-## <interface name="libs_domtrans_ldconfig">
-## <desc>
-## Execute ldconfig in the ldconfig domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute ldconfig in the ldconfig domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_domtrans_ldconfig',`
 gen_require(`
@@ -29,20 +26,18 @@ interface(`libs_domtrans_ldconfig',`
 ')
 ########################################
-## <interface name="libs_run_ldconfig">
-## <desc>
-## Execute ldconfig in the ldconfig domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to allow the ldconfig domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the ldconfig domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute ldconfig in the ldconfig domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to allow the ldconfig domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the ldconfig domain to use.
+## </param>
 #
 interface(`libs_run_ldconfig',`
 gen_require(`
@@ -56,15 +51,13 @@ interface(`libs_run_ldconfig',`
 ')
 ########################################
-## <interface name="libs_use_ld_so">
-## <desc>
-## Use the dynamic link/loader for automatic loading
-## of shared libraries.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Use the dynamic link/loader for automatic loading
+## of shared libraries.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_use_ld_so',`
 gen_require(`
@@ -83,15 +76,13 @@ interface(`libs_use_ld_so',`
 ')

 ########################################
-## <interface name="libs_legacy_use_ld_so">
-## <desc>
-## Use the dynamic link/loader for automatic loading
-## of shared libraries with legacy support.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Use the dynamic link/loader for automatic loading
+## of shared libraries with legacy support.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_legacy_use_ld_so',`
 gen_require(`
@@ -105,16 +96,14 @@ interface(`libs_legacy_use_ld_so',`
 ')

 ########################################
-## <interface name="libs_exec_ld_so">
-## <desc>
-## Execute the dynamic link/loader in the caller's
-## domain. This is commonly needed for the
-## /usr/bin/ldd program.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute the dynamic link/loader in the caller's
+## domain. This is commonly needed for the
+## /usr/bin/ldd program.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_exec_ld_so',`
 gen_require(`
@@ -130,15 +119,13 @@ interface(`libs_exec_ld_so',`
 ')

 ########################################
-## <interface name="libs_rw_ld_so_cache">
-## <desc>
-## Modify the dynamic link/loader's cached listing
-## of shared libraries.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Modify the dynamic link/loader's cached listing
+## of shared libraries.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_rw_ld_so_cache',`
 gen_require(`
@@ -151,14 +138,12 @@ interface(`libs_rw_ld_so_cache',`
 ')

 ########################################
-## <interface name="libs_search_lib">
-## <desc>
-## Search lib directories.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Search lib directories.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_search_lib',`
 gen_require(`
@@ -170,15 +155,13 @@ interface(`libs_search_lib',`
 ')

 ########################################
-## <interface name="libs_read_lib">
-## <desc>
-## Read files in the library directories, such
-## as static libraries.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read files in the library directories, such
+## as static libraries.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_read_lib',`
 gen_require(`
@@ -194,14 +177,12 @@ interface(`libs_read_lib',`
 ')

 ########################################
-## <interface name="libs_exec_lib_files">
-## <desc>
-## Execute library scripts in the caller domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute library scripts in the caller domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_exec_lib_files',`
 gen_require(`
@@ -217,14 +198,12 @@ interface(`libs_exec_lib_files',`
 ')

 ########################################
-## <interface name="libs_use_shared_libs">
-## <desc>
-## Load and execute functions from shared libraries.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Load and execute functions from shared libraries.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_use_shared_libs',`
 gen_require(`
@@ -242,15 +221,13 @@ interface(`libs_use_shared_libs',`
 ')

 ########################################
-## <interface name="libs_legacy_use_shared_libs">
-## <desc>
-## Load and execute functions from shared libraries,
-## with legacy support.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Load and execute functions from shared libraries,
+## with legacy support.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`libs_legacy_use_shared_libs',`
 gen_require(`
@@ -262,4 +239,3 @@ interface(`libs_legacy_use_shared_libs',`
 allow $1 { shlib_t texrel_shlib_t }:file execmod;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/locallogin.if b/refpolicy/policy/modules/system/locallogin.if
index fa9d179..07dc767 100644
--- a/refpolicy/policy/modules/system/locallogin.if
+++ b/refpolicy/policy/modules/system/locallogin.if
@@ -1,15 +1,12 @@
-## <module name="locallogin">
 ## <summary>Policy for local logins.</summary>

 ########################################
-## <interface name="locallogin_domtrans">
 ## <desc>
 ## Execute local logins in the locallogin domain.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`locallogin_domtrans',`
 gen_require(`
@@ -20,14 +17,12 @@ interface(`locallogin_domtrans',`
 ')

 ########################################
-## <interface name="locallogin_use_fd">
 ## <desc>
 ## Allow processes to inherit local login file descriptors
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`locallogin_use_fd',`
 gen_require(`
@@ -38,4 +33,3 @@ interface(`locallogin_use_fd',`
 allow $1 local_login_t:fd use;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index 4dcd83f..e3da815 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -1,4 +1,3 @@
-## <module name="logging">
 ## <summary>Policy for the kernel message logger and system logging daemon.</summary>

 #######################################
@@ -60,16 +59,14 @@ interface(`logging_send_syslog_msg',`
 ')

 ########################################
-## <interface name="logging_search_logs">
-## <desc>
-## Allows the domain to open a file in the
-## log directory, but does not allow the listing
-## of the contents of the log directory.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Allows the domain to open a file in the
+## log directory, but does not allow the listing
+## of the contents of the log directory.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`logging_search_logs',`
 gen_require(`
@@ -176,4 +173,3 @@ interface(`logging_rw_generic_logs',`
 allow $1 var_log_t:file rw_file_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/lvm.if b/refpolicy/policy/modules/system/lvm.if
index 9b2a325..1f1ee77 100644
--- a/refpolicy/policy/modules/system/lvm.if
+++ b/refpolicy/policy/modules/system/lvm.if
@@ -1,15 +1,12 @@
-## <module name="lvm">
 ## <summary>Policy for logical volume management programs.</summary>

 ########################################
-## <interface name="lvm_domtrans">
-## <desc>
-## Execute lvm programs in the lvm domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute lvm programs in the lvm domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`lvm_domtrans',`
 gen_require(`
@@ -29,20 +26,18 @@ interface(`lvm_domtrans',`
 ')

 ########################################
-## <interface name="lvm_run">
-## <desc>
-## Execute lvm programs in the lvm domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to allow the LVM domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the LVM domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute lvm programs in the lvm domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to allow the LVM domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the LVM domain to use.
+## </param>
 #
 interface(`lvm_run',`
 gen_require(`
@@ -56,14 +51,12 @@ interface(`lvm_run',`
 ')

 ########################################
-## <interface name="lvm_read_config">
-## <desc>
-## Read LVM configuration files.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read LVM configuration files.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`lvm_read_config',`
 gen_require(`
@@ -77,4 +70,3 @@ interface(`lvm_read_config',`
 allow $1 lvm_etc_t:file r_file_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/metadata.xml b/refpolicy/policy/modules/system/metadata.xml
index 581649f..e69de29 100644
--- a/refpolicy/policy/modules/system/metadata.xml
+++ b/refpolicy/policy/modules/system/metadata.xml
@@ -1 +0,0 @@
-<layer name="system">
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index 99549df..a439efd 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -1,8 +1,6 @@
-## <module name="miscfiles">
 ## <summary>Miscelaneous files.</summary>

 ########################################
-## <interface name="miscfiles_rw_man_cache">
 ## <desc>
 ## Allow process to create files and dirs in /var/cache/man
 ## and /var/catman/
@@ -10,7 +8,6 @@
 ## <param name="domain">
 ## Type type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`miscfiles_rw_man_cache',`
 gen_require(`
@@ -25,14 +22,12 @@ interface(`miscfiles_rw_man_cache',`
 ')

 ########################################
-## <interface name="miscfiles_read_fonts">
 ## <desc>
 ## Allow process to read fonts files
 ## </desc>
 ## <param name="domain">
 ## Type type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`miscfiles_read_fonts',`
 gen_require(`
@@ -50,14 +45,12 @@ interface(`miscfiles_read_fonts',`
 ')

 ########################################
-## <interface name="miscfiles_read_localization">
 ## <desc>
 ## Allow process to read localization info
 ## </desc>
 ## <param name="domain">
 ## Type type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`miscfiles_read_localization',`
 gen_require(`
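Review bot: The context lines of the miscfiles.if hunks keep two typos that will show up in the generated interface reference: the summary reads `Miscelaneous files.` and every `<param>` body reads `Type type of the process performing this action.`. Since this patch already edits each of these comment blocks, I would correct them in the same pass to `## <summary>Miscellaneous files.</summary>` and `## The type of the process performing this action.`, which matches the wording used by the other modules in this patch. The same parameter text recurs in the `miscfiles_legacy_read_localization` and `miscfiles_read_man_pages` hunks.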
@@ -79,14 +72,12 @@ interface(`miscfiles_read_localization',`
 ')

 ########################################
-## <interface name="miscfiles_legacy_read_localization">
 ## <desc>
 ## Allow process to read legacy time localization info
 ## </desc>
 ## <param name="domain">
 ## Type type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`miscfiles_legacy_read_localization',`
 gen_require(`
@@ -99,14 +90,12 @@ interface(`miscfiles_legacy_read_localization',`
 ')

 ########################################
-## <interface name="miscfiles_read_man_pages">
 ## <desc>
 ## Allow process to read manpages
 ## </desc>
 ## <param name="domain">
 ## Type type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`miscfiles_read_man_pages',`
 gen_require(`
@@ -122,4 +111,3 @@ interface(`miscfiles_read_man_pages',`
 allow $1 man_t:lnk_file r_file_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if
index 8c9eb47..eb6d927 100644
--- a/refpolicy/policy/modules/system/modutils.if
+++ b/refpolicy/policy/modules/system/modutils.if
@@ -1,15 +1,12 @@
-## <module name="modutils">
 ## <summary>Policy for kernel module utilities</summary>

 ########################################
-## <interface name="modutils_read_kernel_module_dependencies">
-## <desc>
-## Read the dependencies of kernel modules.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the dependencies of kernel modules.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`modutils_read_kernel_module_dependencies',`
 gen_require(`
@@ -22,15 +19,13 @@ interface(`modutils_read_kernel_module_dependencies',`
 ')

 ########################################
-## <interface name="modutils_read_module_conf">
-## <desc>
-## Read the configuration options used when
-## loading modules.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Read the configuration options used when
+## loading modules.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`modutils_read_module_conf',`
 gen_require(`
@@ -47,14 +42,12 @@ interface(`modutils_read_module_conf',`
 ')

 ########################################
-## <interface name="modutils_domtrans_insmod">
-## <desc>
-## Execute insmod in the insmod domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute insmod in the insmod domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`modutils_domtrans_insmod',`
 gen_require(`
@@ -74,23 +67,21 @@ interface(`modutils_domtrans_insmod',`
 ')

 ########################################
-## <interface name="modutils_run_insmod">
-## <desc>
-## Execute insmod in the insmod domain, and
-## allow the specified role the insmod domain,
-## and use the caller's terminal. Has a sigchld
-## backchannel.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the insmod domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the insmod domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute insmod in the insmod domain, and
+## allow the specified role the insmod domain,
+## and use the caller's terminal. Has a sigchld
+## backchannel.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the insmod domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the insmod domain to use.
+## </param>
 #
 interface(`modutils_run_insmod',`
 gen_require(`
@@ -117,14 +108,12 @@ interface(`modutils_exec_insmod',`
 ')

 ########################################
-## <interface name="modutils_domtrans_depmod">
-## <desc>
-## Execute depmod in the depmod domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute depmod in the depmod domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`modutils_domtrans_depmod',`
 gen_require(`
@@ -144,20 +133,18 @@ interface(`modutils_domtrans_depmod',`
 ')

 ########################################
-## <interface name="modutils_run_depmod">
-## <desc>
-## Execute depmod in the depmod domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the depmod domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the depmod domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute depmod in the depmod domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the depmod domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the depmod domain to use.
+## </param>
 #
 interface(`modutils_run_depmod',`
 gen_require(`
@@ -184,14 +171,12 @@ interface(`modutils_exec_depmod',`
 ')

 ########################################
-## <interface name="modutils_domtrans_update_mods">
-## <desc>
-## Execute depmod in the depmod domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute depmod in the depmod domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`modutils_domtrans_update_mods',`
 gen_require(`
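Review bot: The description re-added in the `modutils_domtrans_update_mods` hunk still reads `## Execute depmod in the depmod domain.`, which looks copied from `modutils_domtrans_depmod` and names the wrong program and target domain. The companion `modutils_run_update_mods` comment in this patch refers to the update_modules domain, so this line should presumably be `## Execute update_modules in the update_modules domain.`. It is worth correcting while the block is being rewritten, because policy writers read the generated reference to learn which domain a transition interface grants entry to. The interface body lies outside the hunk, so confirm the target type there before changing the text.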
@@ -211,20 +196,18 @@ interface(`modutils_domtrans_update_mods',`
 ')

 ########################################
-## <interface name="modutils_run_update_mods">
-## <desc>
-## Execute update_modules in the update_modules domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the update_modules domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the update_modules domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute update_modules in the update_modules domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the update_modules domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the update_modules domain to use.
+## </param>
 #
 interface(`modutils_run_update_mods',`
 gen_require(`
@@ -250,4 +233,3 @@ interface(`modutils_exec_update_mods',`
 can_exec($1, update_modules_exec_t)
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index ec6c88a..03f6d50 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -1,15 +1,12 @@
-## <module name="mount">
 ## <summary>Policy for mount.</summary>

 ########################################
-## <interface name="mount_domtrans">
-## <desc>
-## Execute mount in the mount domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute mount in the mount domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`mount_domtrans',`
 gen_require(`
@@ -28,22 +25,20 @@ interface(`mount_domtrans',`
 ')

 ########################################
-## <interface name="mount_run">
-## <desc>
-## Execute mount in the mount domain, and
-## allow the specified role the mount domain,
-## and use the caller's terminal.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the mount domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the mount domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute mount in the mount domain, and
+## allow the specified role the mount domain,
+## and use the caller's terminal.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the mount domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the mount domain to use.
+## </param>
 #
 interface(`mount_run',`
 gen_require(`
@@ -57,14 +52,12 @@ interface(`mount_run',`
 ')

 ########################################
-## <interface name="mount_use_fd">
 ## <desc>
 ## Use file descriptors for mount.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`mount_use_fd',`
 gen_require(`
@@ -76,7 +69,6 @@ interface(`mount_use_fd',`
 ')

 ########################################
-## <interface name="mount_send_nfs_client_request">
 ## <desc>
 ## Allow the mount domain to send nfs requests for mounting
 ## network drives
@@ -84,7 +76,6 @@ interface(`mount_use_fd',`
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`mount_send_nfs_client_request',`
 gen_require(`
@@ -95,4 +86,3 @@ interface(`mount_send_nfs_client_request',`
 allow $1 mount_t:udp_socket rw_socket_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index e42bd22..f5e0ec7 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -1,15 +1,12 @@
-## <module name="selinuxutil">
 ## <summary>Policy for SELinux policy and userland applications.</summary>

 #######################################
-## <interface name="seutil_domtrans_checkpol">
-## <desc>
-## Execute checkpolicy in the checkpolicy domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute checkpolicy in the checkpolicy domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_checkpol',`
 gen_require(`
@@ -30,23 +27,21 @@ interface(`seutil_domtrans_checkpol',`
 ')

 ########################################
-## <interface name="seutil_run_checkpol">
-## <desc>
-## Execute checkpolicy in the checkpolicy domain, and
-## allow the specified role the checkpolicy domain,
-## and use the caller's terminal.
-## Has a SIGCHLD signal backchannel.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the checkpolicy domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the checkpolicy domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute checkpolicy in the checkpolicy domain, and
+## allow the specified role the checkpolicy domain,
+## and use the caller's terminal.
+## Has a SIGCHLD signal backchannel.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the checkpolicy domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the checkpolicy domain to use.
+## </param>
 #
 interface(`seutil_run_checkpol',`
 gen_require(`
@@ -74,14 +69,12 @@ interface(`seutil_exec_checkpol',`
 ')

 #######################################
-## <interface name="seutil_domtrans_loadpol">
-## <desc>
-## Execute load_policy in the load_policy domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute load_policy in the load_policy domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_loadpol',`
 gen_require(`
@@ -101,23 +94,21 @@ interface(`seutil_domtrans_loadpol',`
 ')

 ########################################
-## <interface name="seutil_run_loadpol">
-## <desc>
-## Execute load_policy in the load_policy domain, and
-## allow the specified role the load_policy domain,
-## and use the caller's terminal.
-## Has a SIGCHLD signal backchannel.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the load_policy domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the load_policy domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute load_policy in the load_policy domain, and
+## allow the specified role the load_policy domain,
+## and use the caller's terminal.
+## Has a SIGCHLD signal backchannel.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the load_policy domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the load_policy domain to use.
+## </param>
 #
 interface(`seutil_run_loadpol',`
 gen_require(`
@@ -158,14 +149,12 @@ interface(`seutil_read_loadpol',`
 ')

 #######################################
-## <interface name="seutil_domtrans_newrole">
-## <desc>
-## Execute newrole in the load_policy domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute newrole in the load_policy domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_newrole',`
 gen_require(`
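Review bot: The description carried over in the `seutil_domtrans_newrole` hunk, `## Execute newrole in the load_policy domain.`, names the wrong domain and appears to be a leftover from `seutil_domtrans_loadpol` just above it. The `seutil_run_newrole` comment in this patch documents the newrole domain, so I would change the line to `## Execute newrole in the newrole domain.`. For a domain-transition interface the documented target domain is what a policy author reviews before calling it, so a wrong name here can hide which privileges a caller gains. The interface body is outside the hunk; check the type it transitions to before editing the comment.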
@@ -186,22 +175,20 @@ interface(`seutil_domtrans_newrole',`
 ')

 ########################################
-## <interface name="seutil_run_newrole">
-## <desc>
-## Execute newrole in the newrole domain, and
-## allow the specified role the newrole domain,
-## and use the caller's terminal.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the newrole domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the newrole domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute newrole in the newrole domain, and
+## allow the specified role the newrole domain,
+## and use the caller's terminal.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the newrole domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the newrole domain to use.
+## </param>
 #
 interface(`seutil_run_newrole',`
 gen_require(`
@@ -229,15 +216,13 @@ interface(`seutil_exec_newrole',`
 ')

 ########################################
-## <interface name="seutil_dontaudit_newrole_signal">
-## <desc>
-## Do not audit the caller attempts to send
-## a signal to newrole.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Do not audit the caller attempts to send
+## a signal to newrole.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_dontaudit_newrole_signal',`
 gen_require(`
@@ -275,14 +260,12 @@ interface(`seutil_use_newrole_fd',`
 ')

 #######################################
-## <interface name="seutil_domtrans_restorecon">
-## <desc>
-## Execute restorecon in the restorecon domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute restorecon in the restorecon domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_restorecon',`
 gen_require(`
@@ -302,22 +285,20 @@ interface(`seutil_domtrans_restorecon',`
 ')

 ########################################
-## <interface name="seutil_run_restorecon">
-## <desc>
-## Execute restorecon in the restorecon domain, and
-## allow the specified role the restorecon domain,
-## and use the caller's terminal.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the restorecon domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the restorecon domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute restorecon in the restorecon domain, and
+## allow the specified role the restorecon domain,
+## and use the caller's terminal.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the restorecon domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the restorecon domain to use.
+## </param>
 #
 interface(`seutil_run_restorecon',`
 gen_require(`
@@ -344,14 +325,12 @@ interface(`seutil_exec_restorecon',`
 ')

 ########################################
-## <interface name="seutil_domtrans_runinit">
-## <desc>
-## Execute run_init in the run_init domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute run_init in the run_init domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_runinit',`
 gen_require(`
@@ -372,22 +351,20 @@ interface(`seutil_domtrans_runinit',`
 ')

 ########################################
-## <interface name="seutil_run_runinit">
-## <desc>
-## Execute run_init in the run_init domain, and
-## allow the specified role the run_init domain,
-## and use the caller's terminal.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the run_init domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the run_init domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute run_init in the run_init domain, and
+## allow the specified role the run_init domain,
+## and use the caller's terminal.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the run_init domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the run_init domain to use.
+## </param>
 #
 interface(`seutil_run_runinit',`
 gen_require(`
@@ -414,14 +391,12 @@ interface(`seutil_use_runinit_fd',`
 ')

 ########################################
-## <interface name="seutil_domtrans_setfiles">
-## <desc>
-## Execute setfiles in the setfiles domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute setfiles in the setfiles domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_domtrans_setfiles',`
 gen_require(`
@@ -442,22 +417,20 @@ interface(`seutil_domtrans_setfiles',`
 ')

 ########################################
-## <interface name="seutil_run_setfiles">
-## <desc>
-## Execute setfiles in the setfiles domain, and
-## allow the specified role the setfiles domain,
-## and use the caller's terminal.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## <param name="role">
-## The role to be allowed the setfiles domain.
-## </param>
-## <param name="terminal">
-## The type of the terminal allow the setfiles domain to use.
-## </param>
-## </interface>
+## <desc>
+## Execute setfiles in the setfiles domain, and
+## allow the specified role the setfiles domain,
+## and use the caller's terminal.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+## <param name="role">
+## The role to be allowed the setfiles domain.
+## </param>
+## <param name="terminal">
+## The type of the terminal allow the setfiles domain to use.
+## </param>
 #
 interface(`seutil_run_setfiles',`
 gen_require(`
@@ -571,14 +544,12 @@ interface(`seutil_create_binary_pol',`
 ')

 ########################################
-## <interface name="seutil_relabelto_binary_pol">
-## <desc>
-## Allow the caller to relabel a file to the binary policy type.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Allow the caller to relabel a file to the binary policy type.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`seutil_relabelto_binary_pol',`
 gen_require(`
@@ -644,4 +615,3 @@ interface(`seutil_manage_src_pol',`
 allow $1 policy_src_t:file create_file_perms;
 ')

-## </module>
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 1aa265d..05ae1f2 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -1,15 +1,12 @@
-## <module name="sysnetwork">
 ## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>

 #######################################
-## <interface name="sysnet_domtrans_dhcpc">
 ## <desc>
 ## Execute dhcp client in dhcpc domain.
 ## </desc>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
-## </interface>
 #
 interface(`sysnet_domtrans_dhcpc',`
 gen_require(`
@@ -29,14 +26,12 @@ interface(`sysnet_domtrans_dhcpc',`
 ')

 #######################################
-## <interface name="sysnet_domtrans_ifconfig">
-## <desc>
-## Execute ifconfig in the ifconfig domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
-## </interface>
+## <desc>
+## Execute ifconfig in the ifconfig domain.
+## </desc>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`sysnet_domtrans_ifconfig',`
 gen_require(`
@@ -56,22 +51,20 @@ interface(`sysnet_domtrans_ifconfig',` ') ######################################## -## <interface name="sysnet_run_ifconfig"> -## <desc> -## Execute ifconfig in the ifconfig domain, and -## allow the specified role the ifconfig domain, -## and use the caller's terminal. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## <param name="role"> -## The role to be allowed the ifconfig domain. -## </param> -## <param name="terminal"> -## The type of the terminal allow the ifconfig domain to use. -## </param> -## </interface> +## <desc> +## Execute ifconfig in the ifconfig domain, and +## allow the specified role the ifconfig domain, +## and use the caller's terminal. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> +## <param name="role"> +## The role to be allowed the ifconfig domain. +## </param> +## <param name="terminal"> +## The type of the terminal allow the ifconfig domain to use. +## </param> # interface(`sysnet_run_ifconfig',` gen_require(` @@ -86,14 +79,12 @@ interface(`sysnet_run_ifconfig',` ') ####################################### -## <interface name="sysnet_read_config"> ## <desc> ## Allow network init to read network config files. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> -## </interface> # interface(`sysnet_read_config',` gen_require(` @@ -105,4 +96,3 @@ interface(`sysnet_read_config',` allow $1 net_conf_t:file r_file_perms; ') -## </module> diff --git a/refpolicy/policy/modules/system/udev.if b/refpolicy/policy/modules/system/udev.if index 33d2815..9a54cbe 100644 --- a/refpolicy/policy/modules/system/udev.if +++ b/refpolicy/policy/modules/system/udev.if 
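Review bot: The `<desc>` kept for `sysnet_read_config` says "Allow network init to read network config files.", but the rule visible in the next hunk is `allow $1 net_conf_t:file r_file_perms;`, which grants the access to whatever domain the caller passes. A policy author reading the generated documentation could take the interface to be specific to init and misjudge what calling it grants. I would describe the access itself, for example `## Allow the specified domain to read network config files.`. Only the tail of the interface body is visible here, so other rules in it may need mentioning too.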
@@ -1,15 +1,12 @@ -## <module name="udev"> ## <summary>Policy for udev.</summary> ######################################## -## <interface name="udev_domtrans"> ## <desc> ## Execute udev in the udev domain. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> -## </interface> # interface(`udev_domtrans',` gen_require(` @@ -28,14 +25,12 @@ interface(`udev_domtrans',` ') ######################################## -## <interface name="udev_read_db"> ## <desc> ## Allow process to read list of devices. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> -## </interface> # interface(`udev_read_db',` gen_require(` @@ -48,14 +43,12 @@ interface(`udev_read_db',` ') ######################################## -## <interface name="udev_rw_db"> ## <desc> ## Allow process to modify list of devices. ## </desc> ## <param name="domain"> ## The type of the process performing this action. ## </param> -## </interface> # interface(`udev_rw_db',` gen_require(` @@ -67,4 +60,3 @@ interface(`udev_rw_db',` allow $1 udev_tdb_t:file rw_file_perms; ') -## </module> diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index b05018b..86abffc 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -1,4 +1,3 @@ -## <module name="userdomain"> ## <summary>Policy for user domains</summary> ######################################## 
@@ -809,16 +808,14 @@ template(`admin_domain_template',` ') ######################################## -## <interface name="userdom_spec_domtrans_all_users"> -## <desc> -## Execute a shell in all user domains. This -## is an explicit transition, requiring the -## caller to use setexeccon(). -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute a shell in all user domains. This +## is an explicit transition, requiring the +## caller to use setexeccon(). +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_spec_domtrans_all_users',` gen_require(` @@ -829,16 +826,14 @@ interface(`userdom_spec_domtrans_all_users',` ') ######################################## -## <interface name="userdom_spec_domtrans_unpriv_users"> -## <desc> -## Execute a shell in all unprivileged user domains. This -## is an explicit transition, requiring the -## caller to use setexeccon(). -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute a shell in all unprivileged user domains. This +## is an explicit transition, requiring the +## caller to use setexeccon(). +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_spec_domtrans_unpriv_users',` gen_require(` 
@@ -849,14 +844,12 @@ interface(`userdom_spec_domtrans_unpriv_users',` ') ######################################## -## <interface name="userdom_shell_domtrans_sysadm"> -## <desc> -## Execute a shell in the sysadm domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Execute a shell in the sysadm domain. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_shell_domtrans_sysadm',` gen_require(` @@ -867,14 +860,12 @@ interface(`userdom_shell_domtrans_sysadm',` ') ######################################## -## <interface name="userdom_use_sysadm_tty"> -## <desc> -## Read and write sysadm ttys. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write sysadm ttys. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_use_sysadm_tty',` gen_require(` @@ -888,14 +879,12 @@ interface(`userdom_use_sysadm_tty',` ') ######################################## -## <interface name="userdom_use_sysadm_terms"> -## <desc> -## Read and write sysadm ttys and ptys. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read and write sysadm ttys and ptys. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_use_sysadm_terms',` gen_require(` 
@@ -909,14 +898,12 @@ interface(`userdom_use_sysadm_terms',` ') ######################################## -## <interface name="userdom_dontaudit_use_sysadm_terms"> -## <desc> -## Do not audit attempts to use admin ttys and ptys. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Do not audit attempts to use admin ttys and ptys. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_dontaudit_use_sysadm_terms',` gen_require(` @@ -928,14 +915,12 @@ interface(`userdom_dontaudit_use_sysadm_terms',` ') ######################################## -## <interface name="userdom_search_all_users_home"> -## <desc> -## Search all users home directories. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Search all users home directories. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_search_all_users_home',` gen_require(` @@ -948,14 +933,12 @@ interface(`userdom_search_all_users_home',` ') ######################################## -## <interface name="userdom_read_all_user_data"> -## <desc> -## Read all files in all users home directories. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Read all files in all users home directories. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_read_all_user_data',` gen_require(` 
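Review bot: The description re-added for `userdom_dontaudit_use_sysadm_terms` says "admin ttys and ptys", while the sibling `userdom_use_sysadm_terms` in the previous hunk says "sysadm ttys and ptys". A dontaudit interface suppresses denial records, so its documentation should name exactly which objects go quiet; someone tracing a missing denial will search for "sysadm". I would align the wording: `## Do not audit attempts to use sysadm ttys and ptys.`. The interface body lies outside the hunk, so the exact types covered should be confirmed against it.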
@@ -970,14 +953,12 @@ interface(`userdom_read_all_user_data',` ') ######################################## -## <interface name="userdom_use_all_user_fd"> -## <desc> -## Inherit the file descriptors from all user domains -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Inherit the file descriptors from all user domains +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_use_all_user_fd',` gen_require(` @@ -989,14 +970,12 @@ interface(`userdom_use_all_user_fd',` ') ######################################## -## <interface name="userdom_signal_all_users"> -## <desc> -## Send general signals to all user domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send general signals to all user domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_signal_all_users',` gen_require(` @@ -1008,14 +987,12 @@ interface(`userdom_signal_all_users',` ') ######################################## -## <interface name="userdom_signal_unpriv_users"> -## <desc> -## Send general signals to unprivileged user domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Send general signals to unprivileged user domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_signal_unpriv_users',` gen_require(` 
@@ -1027,14 +1004,12 @@ interface(`userdom_signal_unpriv_users',` ') ######################################## -## <interface name="userdom_use_unpriv_users_fd"> -## <desc> -## Inherit the file descriptors from all user domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Inherit the file descriptors from all user domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_use_unpriv_users_fd',` gen_require(` @@ -1046,15 +1021,13 @@ interface(`userdom_use_unpriv_users_fd',` ') ######################################## -## <interface name="userdom_dontaudit_use_unpriv_user_fd"> -## <desc> -## Do not audit attempts to inherit the -## file descriptors from all user domains. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> -## </interface> +## <desc> +## Do not audit attempts to inherit the +## file descriptors from all user domains. +## </desc> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`userdom_dontaudit_use_unpriv_user_fd',` gen_require(` @@ -1065,4 +1038,3 @@ interface(`userdom_dontaudit_use_unpriv_user_fd',` dontaudit $1 unpriv_userdomain:fd use; ') -## </module>
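Review bot: The description re-added for `userdom_use_unpriv_users_fd` says "Inherit the file descriptors from all user domains.", which is the wording of `userdom_use_all_user_fd` and contradicts the interface name. The next hunk has the same problem for `userdom_dontaudit_use_unpriv_user_fd`, where the visible rule is `dontaudit $1 unpriv_userdomain:fd use;` and so covers unprivileged user domains only. Overstating the scope in the generated documentation makes it harder to pick the narrowest interface. I would change the lines to `## Inherit the file descriptors from unprivileged user domains.` and `## file descriptors from unprivileged user domains.`. The body of `userdom_use_unpriv_users_fd` is outside the hunk, so its attribute should be confirmed there.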