diff --git a/refpolicy/doc/policy.dtd b/refpolicy/doc/policy.dtd index 46fab3e..73ecc41 100644 --- a/refpolicy/doc/policy.dtd +++ b/refpolicy/doc/policy.dtd @@ -19,7 +19,7 @@ name CDATA #REQUIRED dftval CDATA #REQUIRED> <!ELEMENT summary (#PCDATA)> -<!ELEMENT interface (summary?,desc?,secdesc?,param+,infoflow?)> +<!ELEMENT interface (summary,desc?,secdesc?,param+,infoflow?)> <!ATTLIST interface name CDATA #REQUIRED> <!ELEMENT template (summary,desc?,secdesc?,param+)> <!ATTLIST template name CDATA #REQUIRED> diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if index 463a155..e832948 100644 --- a/refpolicy/policy/modules/admin/usermanage.if +++ b/refpolicy/policy/modules/admin/usermanage.if @@ -1,9 +1,9 @@ ## <summary>Policy for managing user accounts.</summary> ######################################## -## <desc> +## <summary> ## Execute chfn in the chfn domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -27,10 +27,10 @@ interface(`usermanage_domtrans_chfn',` ') ######################################## -## <desc> +## <summary> ## Execute chfn in the chfn domain, and ## allow the specified role the chfn domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -53,9 +53,9 @@ interface(`usermanage_run_chfn',` ') ######################################## -## <desc> +## <summary> ## Execute groupadd in the groupadd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -79,10 +79,10 @@ interface(`usermanage_domtrans_groupadd',` ') ######################################## -## <desc> +## <summary> ## Execute groupadd in the groupadd domain, and ## allow the specified role the groupadd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -105,9 +105,9 @@ interface(`usermanage_run_groupadd',` ') ######################################## -## <desc> +## <summary> ## Execute passwd in the passwd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -131,10 +131,10 @@ interface(`usermanage_domtrans_passwd',` ') ######################################## -## <desc> +## <summary> ## Execute passwd in the passwd domain, and ## allow the specified role the passwd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -157,9 +157,9 @@ interface(`usermanage_run_passwd',` ') ######################################## -## <desc> +## <summary> ## Execute useradd in the useradd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -183,10 +183,10 @@ interface(`usermanage_domtrans_useradd',` ') ######################################## -## <desc> +## <summary> ## Execute useradd in the useradd domain, and ## allow the specified role the useradd domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if index 07b1892..36c1184 100644 --- a/refpolicy/policy/modules/kernel/terminal.if +++ b/refpolicy/policy/modules/kernel/terminal.if @@ -1,9 +1,9 @@ ## <summary>Policy for terminals.</summary> ######################################## -## <desc> +## <summary> ## Transform specified type into a pty type. -## </desc> +## </summary> ## <param name="pty_type"> ## An object type that will applied to a pty. ## </param> 
@@ -20,11 +20,11 @@ interface(`term_pty',` ') ######################################## -## <desc> +## <summary> ## Transform specified type into an user ## pty type. This allows it to be relabeled via ## type change by login programs such as ssh. -## </desc> +## </summary> ## <param name="userdomain"> ## The type of the user domain associated with ## this pty. @@ -43,10 +43,10 @@ interface(`term_user_pty',` ') ######################################## -## <desc> +## <summary> ## Transform specified type into a pty type ## used by login programs, such as sshd. -## </desc> +## </summary> ## <param name="pty_type"> ## An object type that will applied to a pty. ## </param> @@ -61,9 +61,9 @@ interface(`term_login_pty',` ') ######################################## -## <desc> +## <summary> ## Transform specified type into a tty type. -## </desc> +## </summary> ## <param name="tty_type"> ## An object type that will applied to a tty. ## </param> @@ -89,9 +89,9 @@ interface(`term_tty',` ') ######################################## -## <desc> +## <summary> ## Create a pty in the /dev/pts directory. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process creating the pty. ## </param> @@ -117,10 +117,10 @@ interface(`term_create_pty',` ') ######################################## -## <desc> +## <summary> ## Read and write the console, all ## ttys and all ptys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -139,9 +139,9 @@ interface(`term_use_all_terms',` ') ######################################## -## <desc> +## <summary> ## Write to the console. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -157,9 +157,9 @@ interface(`term_write_console',` ') ######################################## -## <desc> +## <summary> ## Read from and write to the console. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -175,10 +175,10 @@ interface(`term_use_console',` ') ######################################## -## <desc> +## <summary> ## Do not audit attemtps to read from ## or write to the console. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -193,10 +193,10 @@ interface(`term_dontaudit_use_console',` ') ######################################## -## <desc> +## <summary> ## Set the attributes of the console ## device node. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -212,10 +212,10 @@ interface(`term_setattr_console',` ') ######################################## -## <desc> +## <summary> ## Read the /dev/pts directory to ## list all ptys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -231,10 +231,10 @@ interface(`term_list_ptys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read the ## /dev/pts directory to. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process to not audit. ## </param> @@ -249,11 +249,11 @@ interface(`term_dontaudit_list_ptys',` ') ######################################## -## <desc> +## <summary> ## Read and write the generic pty ## type. This is generally only used in ## the targeted policy. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
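Review bot: Two summaries promoted in this part of terminal.if carry text errors: `attemtps` in the hunk at -175 and the dangling `/dev/pts directory to.` in the hunk at -231. Later hunks have the same problem: `Dot not audit` (-269), `all user user pty` (-443), `all user user tty` (-672) and `Read and write all user to all user ttys.` (-709). Suggested wording: `Do not audit attempts to read from`, `Do not audit attempts to read the /dev/pts directory.`, `Do not audit attempts to read and`, `Relabel from and to all user pty device nodes.` (and the tty equivalent), `Read and write all user ttys.` Several of these are dontaudit interfaces, which suppress audit records, so their one-line description should be exact for anyone reviewing what a policy hides.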
@@ -269,11 +269,11 @@ interface(`term_use_generic_pty',` ') ######################################## -## <desc> +## <summary> ## Dot not audit attempts to read and ## write the generic pty type. This is ## generally only used in the targeted policy. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process to not audit. ## </param> @@ -288,10 +288,10 @@ interface(`term_dontaudit_use_generic_pty',` ') ######################################## -## <desc> +## <summary> ## Read and write the controlling ## terminal (/dev/tty). -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -307,10 +307,10 @@ interface(`term_use_controlling_term',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read and ## write the pty multiplexor (/dev/ptmx). -## </desc> +## </summary> ## <param name="domain"> ## The type of the process to not audit. ## </param> @@ -325,10 +325,10 @@ interface(`term_dontaudit_use_ptmx',` ') ######################################## -## <desc> +## <summary> ## Get the attributes of all user ## pty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -346,11 +346,11 @@ interface(`term_getattr_all_user_ptys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to get the ## attributes of any user pty ## device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -405,9 +405,9 @@ interface(`term_relabelto_all_user_ptys',` ') ######################################## -## <desc> +## <summary> ## Read and write all user ptys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -425,10 +425,10 @@ interface(`term_use_all_user_ptys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read any ## user ptys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process to not audit. ## </param> @@ -443,10 +443,10 @@ interface(`term_dontaudit_use_all_user_ptys',` ') ######################################## -## <desc> +## <summary> ## Relabel from and to all user ## user pty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -464,10 +464,10 @@ interface(`term_relabel_all_user_ptys',` ') ######################################## -## <desc> +## <summary> ## Get the attributes of all unallocated ## tty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -483,10 +483,10 @@ interface(`term_getattr_unallocated_ttys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to get the attributes ## of all unallocated tty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -501,10 +501,10 @@ interface(`term_dontaudit_getattr_unallocated_ttys',` ') ######################################## -## <desc> +## <summary> ## Set the attributes of all unallocated ## tty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -520,10 +520,10 @@ interface(`term_setattr_unallocated_ttys',` ') ######################################## -## <desc> +## <summary> ## Relabel from and to the unallocated ## tty type. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -539,10 +539,10 @@ interface(`term_relabel_unallocated_ttys',` ') ######################################## -## <desc> +## <summary> ## Relabel from all user tty types to ## the unallocated tty type. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -560,9 +560,9 @@ interface(`term_reset_tty_labels',` ') ######################################## -## <desc> +## <summary> ## Write to unallocated ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -578,9 +578,9 @@ interface(`term_write_unallocated_ttys',` ') ######################################## -## <desc> +## <summary> ## Read and write unallocated ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -596,10 +596,10 @@ interface(`term_use_unallocated_tty',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read or ## write unallocated ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process to not audit. ## </param> @@ -614,10 +614,10 @@ interface(`term_dontaudit_use_unallocated_tty',` ') ######################################## -## <desc> +## <summary> ## Get the attributes of all user tty ## device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -633,11 +633,11 @@ interface(`term_getattr_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to get the ## attributes of any user tty ## device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -653,10 +653,10 @@ interface(`term_dontaudit_getattr_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Set the attributes of all user tty ## device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -672,10 +672,10 @@ interface(`term_setattr_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Relabel from and to all user ## user tty device nodes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -691,9 +691,9 @@ interface(`term_relabel_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Write to all user ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -709,9 +709,9 @@ interface(`term_write_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Read and write all user to all user ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -727,10 +727,10 @@ interface(`term_use_all_user_ttys',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read or write ## any user ttys. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index aec6b43..87f132c 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -228,9 +228,9 @@ interface(`mta_exec',` ') ######################################## -## <desc> +## <summary> ## Read mail address aliases. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
diff --git a/refpolicy/policy/modules/services/remotelogin.if b/refpolicy/policy/modules/services/remotelogin.if index d25467a..55a519f 100644 --- a/refpolicy/policy/modules/services/remotelogin.if +++ b/refpolicy/policy/modules/services/remotelogin.if @@ -1,9 +1,9 @@ ## <summary>Policy for rshd, rlogind, and telnetd.</summary> ######################################## -## <desc> +## <summary> ## Domain transition to the remote login domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if index 8923bb3..908ac9c 100644 --- a/refpolicy/policy/modules/services/sendmail.if +++ b/refpolicy/policy/modules/services/sendmail.if @@ -1,9 +1,9 @@ ## <summary>Policy for sendmail.</summary> ######################################## -## <desc> +## <summary> ## Domain transition to sendmail. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if index cc296e6..7037a40 100644 --- a/refpolicy/policy/modules/system/authlogin.if +++ b/refpolicy/policy/modules/system/authlogin.if @@ -114,9 +114,9 @@ template(`authlogin_per_userdomain_template',` ') ######################################## -## <desc> +## <summary> ## Use the login program as an entry point program. -## </desc> +## </summary> ## <param name="domain"> ## The type of process using the login program as entry point. ## </param> @@ -130,9 +130,9 @@ interface(`auth_login_entry_type',` ') ######################################## -## <desc> +## <summary> ## Execute a login_program in the target domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -158,9 +158,9 @@ interface(`auth_domtrans_login_program',` ') ######################################## -## <desc> +## <summary> ## Run unix_chkpwd to check a password. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -243,9 +243,9 @@ interface(`auth_dontaudit_getattr_shadow',` ') ######################################## -## <desc> +## <summary> ## Read the shadow passwords file (/etc/shadow) -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -263,10 +263,10 @@ interface(`auth_read_shadow',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read the shadow ## password file (/etc/shadow). -## </desc> +## </summary> ## <param name="domain"> ## The type of the domain to not audit. ## </param> @@ -281,9 +281,9 @@ interface(`auth_dontaudit_read_shadow',` ') ######################################## -## <desc> +## <summary> ## Read and write the shadow password file (/etc/shadow). -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -362,9 +362,9 @@ interface(`auth_rw_lastlog',` ') ######################################## -## <desc> +## <summary> ## Execute pam programs in the pam domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -386,9 +386,9 @@ interface(`auth_domtrans_pam',` ') ######################################## -## <desc> +## <summary> ## Execute pam programs in the PAM domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
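Review bot: The summaries for the /etc/shadow interfaces (hunks at -243 and -281) name the file but not what granting access means. The interface content model in policy.dtd in this commit allows an optional `<secdesc>` after the summary. Consider adding one, e.g. `## <secdesc>Grants access to password hashes; limit callers to authentication domains.</secdesc>`, if the element accepts plain text (its declaration is not visible here). The interface bodies start outside these hunks, so the exact permissions granted cannot be confirmed from the diff.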
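Review bot: The summary in the hunk at -386, `Execute pam programs in the PAM domain.`, repeats the one at -362 apart from capitalisation, although the two hunks document different interfaces; judging by the next hunk header this one is auth_run_pam. The run variants in usermanage.if do spell out the difference, e.g. `Execute chfn in the chfn domain, and allow the specified role the chfn domain.` Suggest `Execute pam programs in the PAM domain, and allow the specified role the PAM domain.`, provided the body (outside the hunk) does grant the role. The same duplication appears for utempter (-604), lvm (-26) and depmod (-133).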
@@ -411,9 +411,9 @@ interface(`auth_run_pam',` ') ######################################## -## <desc> +## <summary> ## Execute the pam program. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -444,9 +444,9 @@ interface(`auth_read_pam_pid',` ') ######################################## -## <desc> +## <summary> ## Delete pam PID files. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -536,10 +536,10 @@ interface(`auth_manage_pam_console_data',` ') ######################################## -## <desc> +## <summary> ## Relabel all files on the filesystem, except ## the shadow passwords and listed exceptions. -## </desc> +## </summary> ## <param name="domain"> ## The type of the domain perfoming this action. ## </param> @@ -558,10 +558,10 @@ interface(`auth_relabel_all_files_except_shadow',` ') ######################################## -## <desc> +## <summary> ## Manage all files on the filesystem, except ## the shadow passwords and listed exceptions. -## </desc> +## </summary> ## <param name="domain"> ## The type of the domain perfoming this action. ## </param> @@ -580,9 +580,9 @@ interface(`auth_manage_all_files_except_shadow',` ') ######################################## -## <desc> +## <summary> ## Execute utempter programs in the utempter domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -604,9 +604,9 @@ interface(`auth_domtrans_utempter',` ') ######################################## -## <desc> +## <summary> ## Execute utempter programs in the utempter domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if index 2f7e62c..46a3aee 100644 --- a/refpolicy/policy/modules/system/clock.if 
+++ b/refpolicy/policy/modules/system/clock.if @@ -1,9 +1,9 @@ ## <summary>Policy for reading and setting the hardware clock.</summary> ######################################## -## <desc> +## <summary> ## Execute hwclock in the clock domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -24,10 +24,10 @@ interface(`clock_domtrans',` ') ######################################## -## <desc> +## <summary> ## Execute hwclock in the clock domain, and ## allow the specified role the hwclock domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -50,9 +50,9 @@ interface(`clock_run',` ') ######################################## -## <desc> +## <summary> ## Execute hwclock in the caller domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -66,9 +66,9 @@ interface(`clock_exec',` ') ######################################## -## <desc> +## <summary> ## Allow executing domain to modify clock drift -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if index 3f4587a..8b089a1 100644 --- a/refpolicy/policy/modules/system/corecommands.if +++ b/refpolicy/policy/modules/system/corecommands.if @@ -3,6 +3,7 @@ ## in /bin, /sbin, /usr/bin, and /usr/sbin. ## </summary> +######################################## ## <summary> ## Make the shell an entrypoint for the specified domain. ## </summary> @@ -374,6 +375,11 @@ interface(`corecmd_exec_ls',` ') ######################################## +## <summary> +## Execute a shell in the target domain. This +## is an explicit transition, requiring the +## caller to use setexeccon(). +## </summary> ## <desc> ## <p> ## Execute a shell in the target domain. This 
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if index d8790b8..c8e2ac1 100644 --- a/refpolicy/policy/modules/system/domain.if +++ b/refpolicy/policy/modules/system/domain.if @@ -107,10 +107,10 @@ interface(`domain_dyntrans_type',` ') ######################################## -## <desc> +## <summary> ## Makes caller an exception to the constraint preventing ## changing of user identity. -## </desc> +## </summary> ## <param name="domain"> ## The process type to make an exception to the constraint. ## </param> @@ -124,10 +124,10 @@ interface(`domain_subj_id_change_exempt',` ') ######################################## -## <desc> +## <summary> ## Makes caller an exception to the constraint preventing ## changing of role. -## </desc> +## </summary> ## <param name="domain"> ## The process type to make an exception to the constraint. ## </param> @@ -141,10 +141,10 @@ interface(`domain_role_change_exempt',` ') ######################################## -## <desc> +## <summary> ## Makes caller an exception to the constraint preventing ## changing the user identity in object contexts. -## </desc> +## </summary> ## <param name="domain"> ## The process type to make an exception to the constraint. ## </param> @@ -216,9 +216,9 @@ interface(`domain_setpriority_all_domains',` ') ######################################## -## <desc> +## <summary> ## Send general signals to all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -233,9 +233,9 @@ interface(`domain_signal_all_domains',` ') ######################################## -## <desc> +## <summary> ## Send a null signal to all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -250,9 +250,9 @@ interface(`domain_signull_all_domains',` ') ######################################## -## <desc> +## <summary> ## Send a stop signal to all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -267,9 +267,9 @@ interface(`domain_sigstop_all_domains',` ') ######################################## -## <desc> +## <summary> ## Send a child terminated signal to all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -284,9 +284,9 @@ interface(`domain_sigchld_all_domains',` ') ######################################## -## <desc> +## <summary> ## Send a kill signal to all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -362,10 +362,10 @@ interface(`domain_dontaudit_read_all_domains_state',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to read the process state ## directories of all domains. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -541,10 +541,10 @@ interface(`domain_dontaudit_rw_all_key_sockets',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to get the attributes ## of all domains unix datagram sockets. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -559,10 +559,10 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',` ') ######################################## -## <desc> +## <summary> ## Do not audit attempts to get the attributes ## of all domains unnamed pipes. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
diff --git a/refpolicy/policy/modules/system/fstools.if b/refpolicy/policy/modules/system/fstools.if index bda311a..bb2f5fa 100644 --- a/refpolicy/policy/modules/system/fstools.if +++ b/refpolicy/policy/modules/system/fstools.if @@ -1,9 +1,9 @@ ## <summary>Tools for filesystem management, such as mkfs and fsck.</summary> ######################################## -## <desc> +## <summary> ## Execute fs tools in the fstools domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -25,10 +25,10 @@ interface(`fstools_domtrans',` ') ######################################## -## <desc> +## <summary> ## Execute fs tools in the fstools domain, and ## allow the specified role the fs tools domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -51,12 +51,12 @@ interface(`fstools_run',` ') ######################################## -## <desc> -## Execute fsadm in the caller domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> +## <summary> +## Execute fsadm in the caller domain. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`fstools_exec',` gen_require(` diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if index dd1ec0e..93d8149 100644 --- a/refpolicy/policy/modules/system/getty.if +++ b/refpolicy/policy/modules/system/getty.if 
@@ -1,12 +1,12 @@ ## <summary>Policy for getty.</summary> ######################################## -## <desc> -## Execute gettys in the getty domain. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> +## <summary> +## Execute gettys in the getty domain. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`getty_domtrans',` gen_require(` @@ -26,12 +26,12 @@ interface(`getty_domtrans',` ') ######################################## -## <desc> -## Allow process to read getty log file. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> +## <summary> +## Allow process to read getty log file. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`getty_read_log',` gen_require(` @@ -44,12 +44,12 @@ interface(`getty_read_log',` ') ######################################## -## <desc> -## Allow process to read getty config file. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> +## <summary> +## Allow process to read getty config file. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`getty_read_config',` gen_require(` @@ -62,12 +62,12 @@ interface(`getty_read_config',` ') ######################################## -## <desc> -## Allow process to edit getty config file. -## </desc> -## <param name="domain"> -## The type of the process performing this action. -## </param> +## <summary> +## Allow process to edit getty config file. +## </summary> +## <param name="domain"> +## The type of the process performing this action. +## </param> # interface(`getty_modify_config',` gen_require(` @@ -78,4 +78,3 @@ interface(`getty_modify_config',` files_search_etc($1) allow $1 getty_etc_t:file rw_file_perms; ') - 
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if index 4383272..d9c14e9 100644 --- a/refpolicy/policy/modules/system/init.if +++ b/refpolicy/policy/modules/system/init.if @@ -298,9 +298,9 @@ interface(`init_domtrans_script',` ') ######################################## -## <desc> +## <summary> ## Start and stop daemon programs directly. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if index 23d55fa..eeed12f 100644 --- a/refpolicy/policy/modules/system/iptables.if +++ b/refpolicy/policy/modules/system/iptables.if @@ -1,9 +1,9 @@ ## <summary>Policy for iptables.</summary> ######################################## -## <desc> +## <summary> ## Execute iptables in the iptables domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -26,10 +26,10 @@ interface(`iptables_domtrans',` ') ######################################## -## <desc> +## <summary> ## Execute iptables in the iptables domain, and ## allow the specified role the iptables domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -52,9 +52,9 @@ interface(`iptables_run',` ') ######################################## -## <desc> +## <summary> ## Execute iptables in the caller domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if index 925d35e..a592aae 100644 --- a/refpolicy/policy/modules/system/logging.if +++ b/refpolicy/policy/modules/system/logging.if 
@@ -84,11 +84,11 @@ interface(`logging_send_syslog_msg',` ') ######################################## -## <desc> +## <summary> ## Allows the domain to open a file in the ## log directory, but does not allow the listing ## of the contents of the log directory. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/lvm.if b/refpolicy/policy/modules/system/lvm.if index 1f1ee77..c960b6c 100644 --- a/refpolicy/policy/modules/system/lvm.if +++ b/refpolicy/policy/modules/system/lvm.if @@ -1,9 +1,9 @@ ## <summary>Policy for logical volume management programs.</summary> ######################################## -## <desc> +## <summary> ## Execute lvm programs in the lvm domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -26,9 +26,9 @@ interface(`lvm_domtrans',` ') ######################################## -## <desc> +## <summary> ## Execute lvm programs in the lvm domain. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> @@ -51,9 +51,9 @@ interface(`lvm_run',` ') ######################################## -## <desc> +## <summary> ## Read LVM configuration files. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if index 199619d..fbe4514 100644 --- a/refpolicy/policy/modules/system/modutils.if +++ b/refpolicy/policy/modules/system/modutils.if @@ -1,9 +1,9 @@ ## <summary>Policy for kernel module utilities</summary> ######################################## -## <desc> +## <summary> ## Read the dependencies of kernel modules. -## </desc> +## </summary> ## <param name="domain"> ## The type of the process performing this action. ## </param> 
@@ -19,10 +19,10 @@ interface(`modutils_read_mods_deps',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Read the configuration options used when
 ## loading modules.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -42,9 +42,9 @@ interface(`modutils_read_module_conf',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute insmod in the insmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -67,12 +67,12 @@ interface(`modutils_domtrans_insmod',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute insmod in the insmod domain, and
 ## allow the specified role the insmod domain,
 ## and use the caller's terminal. Has a sigchld
 ## backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -108,9 +108,9 @@ interface(`modutils_exec_insmod',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -133,9 +133,9 @@ interface(`modutils_domtrans_depmod',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -171,9 +171,9 @@ interface(`modutils_exec_depmod',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
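Review bot: The summary in the `@@ -171,9 +171,9 @@` hunk still reads `Execute depmod in the depmod domain.`, although it follows `modutils_exec_depmod` and, judging by the next hunk header, documents `modutils_domtrans_update_mods`. If that is the interface it describes, the line should read `## Execute update_modules in the update_modules domain.`, the wording the following hunk already uses. The interface body is outside the hunk, so check the target domain there before changing the text.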
@@ -196,9 +196,9 @@ interface(`modutils_domtrans_update_mods',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute update_modules in the update_modules domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index 03f6d50..569f616 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -1,9 +1,9 @@
 ## <summary>Policy for mount.</summary>
 ########################################
-## <desc>
+## <summary>
 ## Execute mount in the mount domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -25,11 +25,11 @@ interface(`mount_domtrans',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute mount in the mount domain, and
 ## allow the specified role the mount domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -52,12 +52,12 @@ interface(`mount_run',`
 ')
 ########################################
-## <desc>
-## Use file descriptors for mount.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
+## <summary>
+## Use file descriptors for mount.
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`mount_use_fd',`
 gen_require(`
@@ -69,13 +69,13 @@ interface(`mount_use_fd',`
 ')
 ########################################
-## <desc>
-## Allow the mount domain to send nfs requests for mounting
-## network drives
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
+## <summary>
+## Allow the mount domain to send nfs requests for mounting
+## network drives
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`mount_send_nfs_client_request',`
 gen_require(`
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 3591f09..6119e4b 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -1,9 +1,9 @@
 ## <summary>Policy for SELinux policy and userland applications.</summary>
 #######################################
-## <desc>
+## <summary>
 ## Execute checkpolicy in the checkpolicy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -27,12 +27,12 @@ interface(`seutil_domtrans_checkpol',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute checkpolicy in the checkpolicy domain, and
 ## allow the specified role the checkpolicy domain,
 ## and use the caller's terminal.
 ## Has a SIGCHLD signal backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -69,9 +69,9 @@ interface(`seutil_exec_checkpol',`
 ')
 #######################################
-## <desc>
+## <summary>
 ## Execute load_policy in the load_policy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -94,12 +94,12 @@ interface(`seutil_domtrans_loadpol',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute load_policy in the load_policy domain, and
 ## allow the specified role the load_policy domain,
 ## and use the caller's terminal.
 ## Has a SIGCHLD signal backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -149,9 +149,9 @@ interface(`seutil_read_loadpol',`
 ')
 #######################################
-## <desc>
+## <summary>
 ## Execute newrole in the load_policy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -175,11 +175,11 @@ interface(`seutil_domtrans_newrole',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute newrole in the newrole domain, and
 ## allow the specified role the newrole domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -216,10 +216,10 @@ interface(`seutil_exec_newrole',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Do not audit the caller attempts to send
 ## a signal to newrole.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -260,9 +260,9 @@ interface(`seutil_use_newrole_fd',`
 ')
 #######################################
-## <desc>
+## <summary>
 ## Execute restorecon in the restorecon domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
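Review bot: The summary promoted in the `@@ -149,9 +149,9 @@` hunk says newrole runs in the load_policy domain, which contradicts the very next hunk (`Execute newrole in the newrole domain, and ...`) and looks like a copy-paste from the load_policy interfaces above it. With the DTD change in this commit making `<summary>` mandatory for interfaces, this sentence is the description a policy writer relies on when deciding whether to grant the transition, so a wrong target domain misstates what is being allowed. The line should read `## Execute newrole in the newrole domain.`. The interface it documents starts after the hunk (presumably `seutil_domtrans_newrole`, going by the next hunk header), so confirm against its body.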
@@ -285,11 +285,11 @@ interface(`seutil_domtrans_restorecon',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute restorecon in the restorecon domain, and
 ## allow the specified role the restorecon domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -325,9 +325,9 @@ interface(`seutil_exec_restorecon',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute run_init in the run_init domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -351,11 +351,11 @@ interface(`seutil_domtrans_runinit',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute run_init in the run_init domain, and
 ## allow the specified role the run_init domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -391,9 +391,9 @@ interface(`seutil_use_runinit_fd',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute setfiles in the setfiles domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -417,11 +417,11 @@ interface(`seutil_domtrans_setfiles',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute setfiles in the setfiles domain, and
 ## allow the specified role the setfiles domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -581,9 +581,9 @@ interface(`seutil_create_binary_pol',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Allow the caller to relabel a file to the binary policy type.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 4008974..fc7109b 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -1,12 +1,12 @@
 ## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
 #######################################
-## <desc>
-## Execute dhcp client in dhcpc domain.
-## </desc>
-## <param name="domain">
-## The type of the process performing this action.
-## </param>
+## <summary>
+## Execute dhcp client in dhcpc domain.
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
 #
 interface(`sysnet_domtrans_dhcpc',`
 gen_require(`
@@ -200,9 +200,9 @@ interface(`sysnet_read_dhcpc_pid',`
 ')
 #######################################
-## <desc>
+## <summary>
 ## Execute ifconfig in the ifconfig domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
@@ -225,11 +225,11 @@ interface(`sysnet_domtrans_ifconfig',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute ifconfig in the ifconfig domain, and
 ## allow the specified role the ifconfig domain,
 ## and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index 9da3a48..97d701d 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -98,9 +98,9 @@ interface(`unconfined_domtrans',`
 ')
 ########################################
-## <desc>
+## <summary>
 ## Execute specified programs in the unconfined domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ## The type of the process performing this action.
 ## </param>