[selinux-policy: 408/3172] shorten some xml tags
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:40:03 UTC 2010
commit 261e0e66eef29bfbd0981c1d46d4567a96ef7648
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 23 16:00:05 2005 +0000
shorten some xml tags
refpolicy/doc/policy.dtd | 14 +-
refpolicy/policy/modules/admin/dmesg.if | 16 +-
refpolicy/policy/modules/admin/rpm.if | 48 +-
refpolicy/policy/modules/admin/usermanage.if | 96 ++--
refpolicy/policy/modules/apps/gpg.if | 8 +-
refpolicy/policy/modules/kernel/bootloader.if | 152 +++---
refpolicy/policy/modules/kernel/corenetwork.if.in | 8 +-
refpolicy/policy/modules/kernel/corenetwork.if.m4 | 176 +++---
refpolicy/policy/modules/kernel/devices.if | 384 ++++++------
refpolicy/policy/modules/kernel/filesystem.if | 680 ++++++++++----------
refpolicy/policy/modules/kernel/kernel.if | 404 ++++++------
refpolicy/policy/modules/kernel/selinux.if | 92 ++--
refpolicy/policy/modules/kernel/storage.if | 208 ++++----
refpolicy/policy/modules/kernel/terminal.if | 280 +++++-----
refpolicy/policy/modules/services/mta.if | 8 +-
refpolicy/policy/modules/services/remotelogin.if | 8 +-
refpolicy/policy/modules/services/sendmail.if | 8 +-
refpolicy/policy/modules/system/authlogin.if | 148 +++---
refpolicy/policy/modules/system/clock.if | 40 +-
refpolicy/policy/modules/system/corecommands.if | 24 +-
refpolicy/policy/modules/system/domain.if | 120 ++--
refpolicy/policy/modules/system/files.if | 100 ++--
refpolicy/policy/modules/system/getty.if | 32 +-
refpolicy/policy/modules/system/hostname.if | 32 +-
refpolicy/policy/modules/system/hotplug.if | 8 +-
refpolicy/policy/modules/system/init.if | 24 +-
refpolicy/policy/modules/system/iptables.if | 32 +-
refpolicy/policy/modules/system/libraries.if | 96 ++--
refpolicy/policy/modules/system/locallogin.if | 16 +-
refpolicy/policy/modules/system/logging.if | 8 +-
refpolicy/policy/modules/system/lvm.if | 32 +-
refpolicy/policy/modules/system/miscfiles.if | 40 +-
refpolicy/policy/modules/system/modutils.if | 88 ++--
refpolicy/policy/modules/system/mount.if | 40 +-
refpolicy/policy/modules/system/selinuxutil.if | 160 +++---
refpolicy/policy/modules/system/sysnetwork.if | 40 +-
refpolicy/policy/modules/system/udev.if | 24 +-
refpolicy/policy/modules/system/userdomain.if | 104 ++--
38 files changed, 1899 insertions(+), 1899 deletions(-)
---
diff --git a/refpolicy/doc/policy.dtd b/refpolicy/doc/policy.dtd
index a5ccae7..801e57f 100644
--- a/refpolicy/doc/policy.dtd
+++ b/refpolicy/doc/policy.dtd
@@ -4,7 +4,7 @@
<!ELEMENT layer (module+)>
<!ATTLIST layer
name CDATA #REQUIRED>
-<!ELEMENT module (summary,description?,(interface|template)*)>
+<!ELEMENT module (summary,desc?,(interface|template)*)>
<!ATTLIST module
name CDATA #REQUIRED>
<!ELEMENT tunable (#PCDATA)>
@@ -12,14 +12,14 @@
name CDATA #REQUIRED
dftval CDATA #REQUIRED>
<!ELEMENT summary (#PCDATA)>
-<!ELEMENT interface (summary?,description?,securitydesc?,parameter+,infoflow?)>
+<!ELEMENT interface (summary?,desc?,secdesc?,param+,infoflow?)>
<!ATTLIST interface name CDATA #REQUIRED>
-<!ELEMENT template (summary,description?,securitydesc?,parameter+)>
+<!ELEMENT template (summary,desc?,secdesc?,param+)>
<!ATTLIST template name CDATA #REQUIRED>
-<!ELEMENT description (#PCDATA|%inline.class;)*>
-<!ELEMENT securitydesc (#PCDATA|%inline.class;)*>
-<!ELEMENT parameter (#PCDATA)>
-<!ATTLIST parameter
+<!ELEMENT desc (#PCDATA|%inline.class;)*>
+<!ELEMENT secdesc (#PCDATA|%inline.class;)*>
+<!ELEMENT param (#PCDATA)>
+<!ATTLIST param
name CDATA #REQUIRED
optional (true|false) "false">
<!ELEMENT infoflow EMPTY>
diff --git a/refpolicy/policy/modules/admin/dmesg.if b/refpolicy/policy/modules/admin/dmesg.if
index 189fc5e..711d376 100644
--- a/refpolicy/policy/modules/admin/dmesg.if
+++ b/refpolicy/policy/modules/admin/dmesg.if
@@ -3,12 +3,12 @@
########################################
## <interface name="dmesg_domtrans">
-## <description>
+## <desc>
## Execute dmesg in the dmesg domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dmesg_domtrans',`
@@ -30,12 +30,12 @@ interface(`dmesg_domtrans',`
########################################
## <interface name="dmesg_exec">
-## <description>
+## <desc>
## Execute dmesg in the caller domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dmesg_exec',`
diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if
index b7791a7..cf694fd 100644
--- a/refpolicy/policy/modules/admin/rpm.if
+++ b/refpolicy/policy/modules/admin/rpm.if
@@ -3,12 +3,12 @@
########################################
## <interface name="rpm_domtrans">
-## <description>
+## <desc>
## Execute rpm programs in the rpm domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`rpm_domtrans',`
@@ -31,18 +31,18 @@ interface(`rpm_domtrans',`
########################################
## <interface name="rpm_run">
-## <description>
+## <desc>
## Execute RPM programs in the RPM domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to allow the RPM domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the RPM domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`rpm_run',`
@@ -59,12 +59,12 @@ interface(`rpm_run',`
########################################
## <interface name="rpm_use_fd">
-## <description>
+## <desc>
## Inherit and use file descriptors from RPM.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`rpm_use_fd',`
@@ -78,12 +78,12 @@ interface(`rpm_use_fd',`
########################################
## <interface name="rpm_read_pipe">
-## <description>
+## <desc>
## Read from a RPM pipe.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`rpm_read_pipe',`
@@ -97,12 +97,12 @@ interface(`rpm_read_pipe',`
########################################
## <interface name="rpm_read_db">
-## <description>
+## <desc>
## Read RPM package database.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`rpm_read_db',`
diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if
index 34131a4..7156052 100644
--- a/refpolicy/policy/modules/admin/usermanage.if
+++ b/refpolicy/policy/modules/admin/usermanage.if
@@ -3,12 +3,12 @@
########################################
## <interface name="usermanage_domtrans_chfn">
-## <description>
+## <desc>
## Execute chfn in the chfn domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_domtrans_chfn',`
@@ -31,19 +31,19 @@ interface(`usermanage_domtrans_chfn',`
########################################
## <interface name="usermanage_run_chfn">
-## <description>
+## <desc>
## Execute chfn in the chfn domain, and
## allow the specified role the chfn domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the chfn domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the chfn domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_run_chfn',`
@@ -59,12 +59,12 @@ interface(`usermanage_run_chfn',`
########################################
## <interface name="usermanage_domtrans_groupadd">
-## <description>
+## <desc>
## Execute groupadd in the groupadd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_domtrans_groupadd',`
@@ -87,19 +87,19 @@ interface(`usermanage_domtrans_groupadd',`
########################################
## <interface name="usermanage_run_groupadd">
-## <description>
+## <desc>
## Execute groupadd in the groupadd domain, and
## allow the specified role the groupadd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the groupadd domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the groupadd domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_run_groupadd',`
@@ -115,12 +115,12 @@ interface(`usermanage_run_groupadd',`
########################################
## <interface name="usermanage_domtrans_passwd">
-## <description>
+## <desc>
## Execute passwd in the passwd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_domtrans_passwd',`
@@ -143,19 +143,19 @@ interface(`usermanage_domtrans_passwd',`
########################################
## <interface name="usermanage_run_passwd">
-## <description>
+## <desc>
## Execute passwd in the passwd domain, and
## allow the specified role the passwd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the passwd domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the passwd domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_run_passwd',`
@@ -171,12 +171,12 @@ interface(`usermanage_run_passwd',`
########################################
## <interface name="usermanage_domtrans_useradd">
-## <description>
+## <desc>
## Execute useradd in the useradd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_domtrans_useradd',`
@@ -199,19 +199,19 @@ interface(`usermanage_domtrans_useradd',`
########################################
## <interface name="usermanage_run_useradd">
-## <description>
+## <desc>
## Execute useradd in the useradd domain, and
## allow the specified role the useradd domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the useradd domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the useradd domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`usermanage_run_useradd',`
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 7ccb56f..04304ca 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -6,7 +6,7 @@
## <summary>
## The per-userdomain template for the gpg module.
## </summary>
-## <description>
+## <desc>
## <p>
## This template creates the types and rules for GPG,
## GPG-agent, and GPG helper programs. This protects
@@ -18,11 +18,11 @@
## generally does not need to be statically invoked
## directly by policy writers.
## </p>
-## </description>
-## <parameter name="userdomain_prefix">
+## </desc>
+## <param name="userdomain_prefix">
## The prefix of the user domain (e.g., user
## is the prefix for user_t).
-## </parameter>
+## </param>
#
template(`gpg_per_userdomain_template',`
gen_require(`$0'_depend)
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 6e1597f..a531cf9 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -3,12 +3,12 @@
########################################
## <interface name="bootloader_domtrans">
-## <description>
+## <desc>
## Execute bootloader in the bootloader domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_domtrans',`
@@ -29,19 +29,19 @@ interface(`bootloader_domtrans',`
########################################
## <interface name="bootloader_run">
-## <description>
+## <desc>
## Execute bootloader interactively and do
## a domain transition to the bootloader domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the bootloader domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the bootloader domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_run',`
@@ -58,12 +58,12 @@ interface(`bootloader_run',`
########################################
## <interface name="bootloader_search_boot_dir">
-## <description>
+## <desc>
## Search the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_search_boot_dir',`
@@ -77,12 +77,12 @@ interface(`bootloader_search_boot_dir',`
########################################
## <interface name="bootloader_dontaudit_search_boot">
-## <description>
+## <desc>
## Do not audit attempts to search the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_dontaudit_search_boot',`
@@ -96,13 +96,13 @@ interface(`bootloader_dontaudit_search_boot',`
########################################
## <interface name="bootloader_rw_boot_symlinks">
-## <description>
+## <desc>
## Read and write symbolic links
## in the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_rw_boot_symlinks',`
@@ -118,12 +118,12 @@ interface(`bootloader_rw_boot_symlinks',`
########################################
## <interface name="bootloader_create_kernel">
-## <description>
+## <desc>
## Install a kernel into the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_create_kernel',`
@@ -141,12 +141,12 @@ interface(`bootloader_create_kernel',`
########################################
## <interface name="bootloader_create_kernel_symbol_table">
-## <description>
+## <desc>
## Install a system.map into the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_create_kernel_symbol_table',`
@@ -162,12 +162,12 @@ interface(`bootloader_create_kernel_symbol_table',`
########################################
## <interface name="bootloader_read_kernel_symbol_table">
-## <description>
+## <desc>
## Read system.map in the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_read_kernel_symbol_table',`
@@ -183,12 +183,12 @@ interface(`bootloader_read_kernel_symbol_table',`
########################################
## <interface name="bootloader_delete_kernel">
-## <description>
+## <desc>
## Delete a kernel from /boot.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_delete_kernel',`
@@ -204,12 +204,12 @@ interface(`bootloader_delete_kernel',`
########################################
## <interface name="bootloader_delete_kernel_symbol_table">
-## <description>
+## <desc>
## Delete a system.map in the /boot directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_delete_kernel_symbol_table',`
@@ -225,12 +225,12 @@ interface(`bootloader_delete_kernel_symbol_table',`
########################################
## <interface name="bootloader_read_config">
-## <description>
+## <desc>
## Read the bootloader configuration file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_read_config',`
@@ -244,13 +244,13 @@ interface(`bootloader_read_config',`
########################################
## <interface name="bootloader_rw_config">
-## <description>
+## <desc>
## Read and write the bootloader
## configuration file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_rw_config',`
@@ -264,13 +264,13 @@ interface(`bootloader_rw_config',`
########################################
## <interface name="bootloader_rw_tmp_file">
-## <description>
+## <desc>
## Read and write the bootloader
## temporary data in /tmp.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_rw_tmp_file',`
@@ -285,13 +285,13 @@ interface(`bootloader_rw_tmp_file',`
########################################
## <interface name="bootloader_create_runtime_file">
-## <description>
+## <desc>
## Read and write the bootloader
## temporary data in /tmp.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_create_runtime_file',`
@@ -308,12 +308,12 @@ interface(`bootloader_create_runtime_file',`
########################################
## <interface name="bootloader_list_kernel_modules">
-## <description>
+## <desc>
## List the contents of the kernel module directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_list_kernel_modules',`
@@ -327,12 +327,12 @@ interface(`bootloader_list_kernel_modules',`
########################################
## <interface name="bootloader_read_kernel_modules">
-## <description>
+## <desc>
## Read kernel module files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_read_kernel_modules',`
@@ -350,12 +350,12 @@ interface(`bootloader_read_kernel_modules',`
########################################
## <interface name="bootloader_write_kernel_modules">
-## <description>
+## <desc>
## Write kernel module files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_write_kernel_modules',`
@@ -374,13 +374,13 @@ interface(`bootloader_write_kernel_modules',`
########################################
## <interface name="bootloader_manage_kernel_modules">
-## <description>
+## <desc>
## Create, read, write, and delete
## kernel module files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`bootloader_manage_kernel_modules',`
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 9f3ab47..3095b84 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -3,12 +3,12 @@
########################################
## <interface name="corenet_tcp_sendrecv_generic_if">
-## <description>
+## <desc>
## Send and receive TCP network traffic on the general interfaces.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index fea2b84..9d6d84d 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -7,12 +7,12 @@
define(`create_netif_interfaces',``
########################################
## <interface name="corenet_tcp_sendrecv_$1">
-## <description>
+## <desc>
## Send and receive TCP network traffic on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -27,12 +27,12 @@ interface(`corenet_tcp_sendrecv_$1',`
########################################
## <interface name="corenet_udp_send_$1">
-## <description>
+## <desc>
## Send UDP network traffic on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -47,12 +47,12 @@ interface(`corenet_udp_send_$1',`
########################################
## <interface name="corenet_udp_receive_$1">
-## <description>
+## <desc>
## Receive UDP network traffic on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="read" weight="10"/>
## </interface>
#
@@ -67,12 +67,12 @@ interface(`corenet_udp_receive_$1',`
########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
-## <description>
+## <desc>
## Send and receive UDP network traffic on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -83,12 +83,12 @@ interface(`corenet_udp_sendrecv_$1',`
########################################
## <interface name="corenet_raw_send_$1">
-## <description>
+## <desc>
## Send raw IP packets on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -105,12 +105,12 @@ interface(`corenet_raw_send_$1',`
########################################
## <interface name="corenet_raw_receive_$1">
-## <description>
+## <desc>
## Receive raw IP packets on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="read" weight="10"/>
## </interface>
#
@@ -125,12 +125,12 @@ interface(`corenet_raw_receive_$1',`
########################################
## <interface name="corenet_raw_sendrecv_$1">
-## <description>
+## <desc>
## Send and receive raw IP packets on the $1 interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -149,12 +149,12 @@ interface(`corenet_raw_sendrecv_$1',`
define(`create_node_interfaces',``
########################################
## <interface name="corenet_tcp_sendrecv_$1_node">
-## <description>
+## <desc>
## Send and receive TCP traffic on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -169,12 +169,12 @@ interface(`corenet_tcp_sendrecv_$1_node',`
########################################
## <interface name="corenet_udp_send_$1_node">
-## <description>
+## <desc>
## Send UDP traffic on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -189,12 +189,12 @@ interface(`corenet_udp_send_$1_node',`
########################################
## <interface name="corenet_udp_receive_$1_node">
-## <description>
+## <desc>
## Receive UDP traffic on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="read" weight="10"/>
## </interface>
#
@@ -209,12 +209,12 @@ interface(`corenet_udp_receive_$1_node',`
########################################
## <interface name="corenet_udp_sendrecv_$1_node">
-## <description>
+## <desc>
## Send and receive UDP traffic on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -225,12 +225,12 @@ interface(`corenet_udp_sendrecv_$1_node',`
########################################
## <interface name="corenet_raw_send_$1_node">
-## <description>
+## <desc>
## Send raw IP packets on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -245,12 +245,12 @@ interface(`corenet_raw_send_$1_node',`
########################################
## <interface name="corenet_raw_receive_$1_node">
-## <description>
+## <desc>
## Receive raw IP packets on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -265,12 +265,12 @@ interface(`corenet_raw_receive_$1_node',`
########################################
## <interface name="corenet_raw_sendrecv_$1_node">
-## <description>
+## <desc>
## Send and receive raw IP packets on the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -281,12 +281,12 @@ interface(`corenet_raw_sendrecv_$1_node',`
########################################
## <interface name="corenet_tcp_bind_$1_node">
-## <description>
+## <desc>
## Bind TCP sockets to node $1.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="none"/>
## </interface>
#
@@ -301,12 +301,12 @@ interface(`corenet_tcp_bind_$1_node',`
########################################
## <interface name="corenet_udp_bind_$1_node">
-## <description>
+## <desc>
## Bind UDP sockets to the $1 node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="none"/>
## </interface>
#
@@ -329,12 +329,12 @@ interface(`corenet_udp_bind_$1_node',`
define(`create_port_interfaces',``
########################################
## <interface name="corenet_tcp_sendrecv_$1_port">
-## <description>
+## <desc>
## Send and receive TCP traffic on the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -349,12 +349,12 @@ interface(`corenet_tcp_sendrecv_$1_port',`
########################################
## <interface name="corenet_udp_send_$1_port">
-## <description>
+## <desc>
## Send UDP traffic on the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="write" weight="10"/>
## </interface>
#
@@ -369,12 +369,12 @@ interface(`corenet_udp_send_$1_port',`
########################################
## <interface name="corenet_udp_receive_$1_port">
-## <description>
+## <desc>
## Receive UDP traffic on the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="read" weight="10"/>
## </interface>
#
@@ -389,12 +389,12 @@ interface(`corenet_udp_receive_$1_port',`
########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_port">
-## <description>
+## <desc>
## Send and receive UDP traffic on the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="both" weight="10"/>
## </interface>
#
@@ -405,12 +405,12 @@ interface(`corenet_udp_sendrecv_$1_port',`
########################################
## <interface name="corenet_tcp_bind_$1_port">
-## <description>
+## <desc>
## Bind TCP sockets to the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="none"/>
## </interface>
#
@@ -426,12 +426,12 @@ interface(`corenet_tcp_bind_$1_port',`
########################################
## <interface name="corenet_udp_bind_$1_port">
-## <description>
+## <desc>
## Bind UDP sockets to the $1 port.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## <infoflow type="none"/>
## </interface>
#
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index 8d7e753..f2bdd40 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -2,7 +2,7 @@
## <summary>
## Device nodes and interfaces for many basic system devices.
## </summary>
-## <description>
+## <desc>
## <p>
## This module creates the device node concept and provides
## the policy for many of the device files. Notable exceptions are
@@ -23,7 +23,7 @@
## this module.</li>
## </ul>
## </p>
-## </description>
+## </desc>
########################################
## <interface name="dev_node">
@@ -31,9 +31,9 @@
## Make the passed in type a type appropriate for
## use on device nodes (usually files in /dev).
## </summary>
-## <parameter name="object_type">
+## <param name="object_type">
## The object type that will be used on device nodes.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_node',`
@@ -55,9 +55,9 @@ interface(`dev_node',`
## <summary>
## Allow full relabeling (to and from) of all device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed to relabel.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_relabel_all_dev_nodes',`
@@ -87,9 +87,9 @@ interface(`dev_relabel_all_dev_nodes',`
## <summary>
## List all of the device nodes in a device directory.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed to list device nodes.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_list_all_dev_nodes',`
@@ -108,9 +108,9 @@ interface(`dev_list_all_dev_nodes',`
## <summary>
## Dontaudit attempts to list all device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit listing of device nodes.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_list_all_dev_nodes',`
@@ -127,9 +127,9 @@ interface(`dev_dontaudit_list_all_dev_nodes',`
## <summary>
## Create a directory in the device directory.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed to create the directory.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_create_dir',`
@@ -146,9 +146,9 @@ interface(`dev_create_dir',`
## <summary>
## Allow full relabeling (to and from) of directories in /dev.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed to relabel.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_relabel_dev_dirs',`
@@ -165,9 +165,9 @@ interface(`dev_relabel_dev_dirs',`
## <summary>
## Dontaudit getattr on generic pipes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_generic_pipe',`
@@ -184,9 +184,9 @@ interface(`dev_dontaudit_getattr_generic_pipe',`
## <summary>
## Allow getattr on generic block devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_generic_blk_file',`
@@ -205,9 +205,9 @@ interface(`dev_getattr_generic_blk_file',`
## <summary>
## Dontaudit getattr on generic block devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_generic_blk_file',`
@@ -224,9 +224,9 @@ interface(`dev_dontaudit_getattr_generic_blk_file',`
## <summary>
## Dontaudit setattr on generic block devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_setattr_generic_blk_file',`
@@ -244,9 +244,9 @@ interface(`dev_dontaudit_setattr_generic_blk_file',`
## Allow read, write, create, and delete for generic
## block files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_generic_blk_file',`
@@ -264,9 +264,9 @@ interface(`dev_manage_generic_blk_file',`
## <summary>
## Allow read, write, and create for generic character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_create_generic_chr_file',`
@@ -288,9 +288,9 @@ interface(`dev_create_generic_chr_file',`
## <summary>
## Allow getattr for generic character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_generic_chr_file',`
@@ -309,9 +309,9 @@ interface(`dev_getattr_generic_chr_file',`
## <summary>
## Dontaudit getattr for generic character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_generic_chr_file',`
@@ -328,9 +328,9 @@ interface(`dev_dontaudit_getattr_generic_chr_file',`
## <summary>
## Dontaudit setattr for generic character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_setattr_generic_chr_file',`
@@ -347,9 +347,9 @@ interface(`dev_dontaudit_setattr_generic_chr_file',`
## <summary>
## Delete symbolic links in device directories.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_del_generic_symlinks',`
@@ -368,9 +368,9 @@ interface(`dev_del_generic_symlinks',`
## <summary>
## Create, delete, read, and write symbolic links in device directories.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_generic_symlinks',`
@@ -389,9 +389,9 @@ interface(`dev_manage_generic_symlinks',`
## <summary>
## Create, delete, read, and write device nodes in device directories.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_dev_nodes',`
@@ -427,9 +427,9 @@ interface(`dev_manage_dev_nodes',`
## <summary>
## Dontaudit getattr for generic device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_rw_generic_dev_nodes',`
@@ -447,9 +447,9 @@ interface(`dev_dontaudit_rw_generic_dev_nodes',`
## <summary>
## Create, delete, read, and write block device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_generic_blk_file',`
@@ -468,9 +468,9 @@ interface(`dev_manage_generic_blk_file',`
## <summary>
## Create, delete, read, and write character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_generic_chr_file',`
@@ -490,16 +490,16 @@ interface(`dev_manage_generic_chr_file',`
## Create, read, and write device nodes. The node
## will be transitioned to the type provided.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
-## <parameter name="file">
+## </param>
+## <param name="file">
## Type to which the created node will be transitioned.
-## </parameter>
-## <parameter name="objectclass(es)">
+## </param>
+## <param name="objectclass(es)">
## Object class(es) (single or set including {}) for which this
## the transition will occur.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_create_dev_node',`
@@ -521,9 +521,9 @@ interface(`dev_create_dev_node',`
## <summary>
## Getattr on all block file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_all_blk_files',`
@@ -542,9 +542,9 @@ interface(`dev_getattr_all_blk_files',`
## <summary>
## Dontaudit getattr on all block file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_all_blk_files',`
@@ -561,9 +561,9 @@ interface(`dev_dontaudit_getattr_all_blk_files',`
## <summary>
## Getattr on all character file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_all_chr_files',`
@@ -582,9 +582,9 @@ interface(`dev_getattr_all_chr_files',`
## <summary>
## Dontaudit getattr on all character file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_all_chr_files',`
@@ -601,9 +601,9 @@ interface(`dev_dontaudit_getattr_all_chr_files',`
## <summary>
## Setattr on all block file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_all_blk_files',`
@@ -622,9 +622,9 @@ interface(`dev_setattr_all_blk_files',`
## <summary>
## Setattr on all character file device nodes.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_all_chr_files',`
@@ -643,9 +643,9 @@ interface(`dev_setattr_all_chr_files',`
## <summary>
## Read, write, create, and delete all block device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_all_blk_files',`
@@ -670,9 +670,9 @@ interface(`dev_manage_all_blk_files',`
## <summary>
## Read, write, create, and delete all character device files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_manage_all_chr_files',`
@@ -693,9 +693,9 @@ interface(`dev_manage_all_chr_files',`
## <summary>
## Read raw memory devices (e.g. /dev/mem).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_raw_memory',`
@@ -719,9 +719,9 @@ interface(`dev_read_raw_memory',`
## <summary>
## Write raw memory devices (e.g. /dev/mem).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_raw_memory',`
@@ -745,9 +745,9 @@ interface(`dev_write_raw_memory',`
## <summary>
## Read and execute raw memory devices (e.g. /dev/mem).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rx_raw_memory',`
@@ -765,9 +765,9 @@ interface(`dev_rx_raw_memory',`
## <summary>
## Write and execute raw memory devices (e.g. /dev/mem).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_wx_raw_memory',`
@@ -785,9 +785,9 @@ interface(`dev_wx_raw_memory',`
## <summary>
## Read from random devices (e.g., /dev/random)
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_rand',`
@@ -806,9 +806,9 @@ interface(`dev_read_rand',`
## <summary>
## Read from pseudo random devices (e.g., /dev/urandom)
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_urand',`
@@ -829,9 +829,9 @@ interface(`dev_read_urand',`
## entropy used to generate the random data read from the
## random device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_rand',`
@@ -851,9 +851,9 @@ interface(`dev_write_rand',`
## Write to the pseudo random device (e.g., /dev/urandom). This
## sets the random number generator seed.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_urand',`
@@ -872,9 +872,9 @@ interface(`dev_write_urand',`
## <summary>
## Read and write to the null device (/dev/null).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_null_dev',`
@@ -893,9 +893,9 @@ interface(`dev_rw_null_dev',`
## <summary>
## Read and write to the zero device (/dev/zero).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_zero_dev',`
@@ -914,9 +914,9 @@ interface(`dev_rw_zero_dev',`
## <summary>
## Read, write, and execute the zero device (/dev/zero).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rwx_zero_dev',`
@@ -934,9 +934,9 @@ interface(`dev_rwx_zero_dev',`
## <summary>
## Read the realtime clock (/dev/rtc).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_realtime_clock',`
@@ -955,9 +955,9 @@ interface(`dev_read_realtime_clock',`
## <summary>
## Read the realtime clock (/dev/rtc).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_realtime_clock',`
@@ -976,9 +976,9 @@ interface(`dev_write_realtime_clock',`
## <summary>
## Read the realtime clock (/dev/rtc).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_realtime_clock',`
@@ -991,9 +991,9 @@ interface(`dev_rw_realtime_clock',`
## <summary>
## Get the attributes of the sound devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_snd_dev',`
@@ -1012,9 +1012,9 @@ interface(`dev_getattr_snd_dev',`
## <summary>
## Set the attributes of the sound devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_snd_dev',`
@@ -1033,9 +1033,9 @@ interface(`dev_setattr_snd_dev',`
## <summary>
## Read the sound devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_snd_dev',`
@@ -1054,9 +1054,9 @@ interface(`dev_read_snd_dev',`
## <summary>
## Write the sound devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_snd_dev',`
@@ -1075,9 +1075,9 @@ interface(`dev_write_snd_dev',`
## <summary>
## Read the sound mixer devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_snd_mixer_dev',`
@@ -1096,9 +1096,9 @@ interface(`dev_read_snd_mixer_dev',`
## <summary>
## Write the sound mixer devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_snd_mixer_dev',`
@@ -1117,9 +1117,9 @@ interface(`dev_write_snd_mixer_dev',`
## <summary>
## Read and write the agp devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_agp_dev',`
@@ -1138,9 +1138,9 @@ interface(`dev_rw_agp_dev',`
## <summary>
## Getattr the agp devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_agp_dev',`
@@ -1159,9 +1159,9 @@ interface(`dev_getattr_agp_dev',`
## <summary>
## Read and write the dri devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_dri_dev',`
@@ -1180,9 +1180,9 @@ interface(`dev_rw_dri_dev',`
## <summary>
## Dontaudit read and write on the dri devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to dontaudit access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_rw_dri_dev',`
@@ -1199,9 +1199,9 @@ interface(`dev_dontaudit_rw_dri_dev',`
## <summary>
## Read the mtrr device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_mtrr',`
@@ -1220,9 +1220,9 @@ interface(`dev_read_mtrr',`
## <summary>
## Write the mtrr device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_mtrr',`
@@ -1241,9 +1241,9 @@ interface(`dev_write_mtrr',`
## <summary>
## Get the attributes of the framebuffer device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_framebuffer',`
@@ -1262,9 +1262,9 @@ interface(`dev_getattr_framebuffer',`
## <summary>
## Set the attributes of the framebuffer device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_framebuffer',`
@@ -1283,9 +1283,9 @@ interface(`dev_setattr_framebuffer',`
## <summary>
## Read the framebuffer device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_framebuffer',`
@@ -1304,9 +1304,9 @@ interface(`dev_read_framebuffer',`
## <summary>
## Write the framebuffer device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_framebuffer',`
@@ -1325,9 +1325,9 @@ interface(`dev_write_framebuffer',`
## <summary>
## Read the lvm comtrol device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_lvm_control',`
@@ -1346,9 +1346,9 @@ interface(`dev_read_lvm_control',`
## <summary>
## Read and write the lvm control device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_lvm_control',`
@@ -1367,9 +1367,9 @@ interface(`dev_rw_lvm_control',`
## <summary>
## Delete the lvm control device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_delete_lvm_control',`
@@ -1388,9 +1388,9 @@ interface(`dev_delete_lvm_control',`
## <summary>
## Get the attributes of miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_misc',`
@@ -1410,9 +1410,9 @@ interface(`dev_getattr_misc',`
## Do not audit attempts to get the attributes
## of miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_misc',`
@@ -1429,9 +1429,9 @@ interface(`dev_dontaudit_getattr_misc',`
## <summary>
## Set the attributes of miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_misc',`
@@ -1451,9 +1451,9 @@ interface(`dev_setattr_misc',`
## Do not audit attempts to set the attributes
## of miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_setattr_misc',`
@@ -1470,9 +1470,9 @@ interface(`dev_dontaudit_setattr_misc',`
## <summary>
## Read miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_misc',`
@@ -1491,9 +1491,9 @@ interface(`dev_read_misc',`
## <summary>
## Write miscellaneous devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_write_misc',`
@@ -1512,9 +1512,9 @@ interface(`dev_write_misc',`
## <summary>
## Get the attributes of the mouse devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_mouse',`
@@ -1533,9 +1533,9 @@ interface(`dev_getattr_mouse',`
## <summary>
## Set the attributes of the mouse devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_mouse',`
@@ -1554,9 +1554,9 @@ interface(`dev_setattr_mouse',`
## <summary>
## Read the mouse devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_mouse',`
@@ -1575,9 +1575,9 @@ interface(`dev_read_mouse',`
## <summary>
## Read the multiplexed input device (/dev/input).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_input',`
@@ -1596,9 +1596,9 @@ interface(`dev_read_input',`
## <summary>
## Read the multiplexed input device (/dev/input).
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_cpuid',`
@@ -1618,9 +1618,9 @@ interface(`dev_read_cpuid',`
## Read and write the the cpu microcode device. This
## is required to load cpu microcode.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_cpu_microcode',`
@@ -1639,9 +1639,9 @@ interface(`dev_rw_cpu_microcode',`
## <summary>
## Get the attributes of the scanner device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_scanner',`
@@ -1661,9 +1661,9 @@ interface(`dev_getattr_scanner',`
## Do not audit attempts to get the attributes of
## the scanner device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_getattr_scanner',`
@@ -1680,9 +1680,9 @@ interface(`dev_dontaudit_getattr_scanner',`
## <summary>
## Set the attributes of the scanner device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_scanner',`
@@ -1702,9 +1702,9 @@ interface(`dev_setattr_scanner',`
## Do not audit attempts to set the attributes of
## the scanner device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_dontaudit_setattr_scanner',`
@@ -1721,9 +1721,9 @@ interface(`dev_dontaudit_setattr_scanner',`
## <summary>
## Read and write the scanner device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_scanner',`
@@ -1742,9 +1742,9 @@ interface(`dev_rw_scanner',`
## <summary>
## Get the attributes of the the power management device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_power_management',`
@@ -1763,9 +1763,9 @@ interface(`dev_getattr_power_management',`
## <summary>
## Set the attributes of the the power management device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_power_management',`
@@ -1784,9 +1784,9 @@ interface(`dev_setattr_power_management',`
## <summary>
## Read and write the the power management device.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## Domain allowed access.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_power_management',`
@@ -1805,9 +1805,9 @@ interface(`dev_rw_power_management',`
## <summary>
## Get the attributes of sysfs directories.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_sysfs_dir',`
@@ -1824,9 +1824,9 @@ interface(`dev_getattr_sysfs_dir',`
## <summary>
## Search the directory containing hardware information.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_search_sysfs',`
@@ -1843,9 +1843,9 @@ interface(`dev_search_sysfs',`
## <summary>
## Allow caller to read hardware state information.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type reading hardware state information.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_sysfs',`
@@ -1865,9 +1865,9 @@ interface(`dev_read_sysfs',`
## <summary>
## Allow caller to modify hardware state information.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type modifying hardware state information.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_sysfs',`
@@ -1888,9 +1888,9 @@ interface(`dev_rw_sysfs',`
## <summary>
## Search the directory containing USB hardware information.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_search_usbfs',`
@@ -1907,9 +1907,9 @@ interface(`dev_search_usbfs',`
## <summary>
## Allow caller to get a list of usb hardware.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type getting the list.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_list_usbfs',`
@@ -1931,9 +1931,9 @@ interface(`dev_list_usbfs',`
## Read USB hardware information using
## the usbfs filesystem interface.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_read_usbfs',`
@@ -1953,9 +1953,9 @@ interface(`dev_read_usbfs',`
## <summary>
## Allow caller to modify usb hardware configuration files.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type modifying the options.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_rw_usbfs',`
@@ -1976,9 +1976,9 @@ interface(`dev_rw_usbfs',`
## <summary>
## Get the attributes of video4linux devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type modifying the options.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_getattr_video_dev',`
@@ -1997,9 +1997,9 @@ interface(`dev_getattr_video_dev',`
## <summary>
## Set the attributes of video4linux devices.
## </summary>
-## <parameter name="domain">
+## <param name="domain">
## The process type modifying the options.
-## </parameter>
+## </param>
## </interface>
#
interface(`dev_setattr_video_dev',`
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 6ab8773..0261476 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -3,12 +3,12 @@
########################################
## <interface name="fs_make_fs">
-## <description>
+## <desc>
## Transform specified type into a filesystem type.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_make_fs',`
@@ -21,14 +21,14 @@ interface(`fs_make_fs',`
########################################
## <interface name="fs_make_noxattr_fs">
-## <description>
+## <desc>
## Transform specified type into a filesystem
## type which does not have extended attribute
## support.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_make_noxattr_fs',`
@@ -43,15 +43,15 @@ interface(`fs_make_noxattr_fs',`
########################################
## <interface name="fs_associate">
-## <description>
+## <desc>
## Associate the specified file type to persistent
## filesystems with extended attributes. This
## allows a file of this type to be created on
## a filesystem such as ext3, JFS, and XFS.
-## </description>
-## <parameter name="file_type">
+## </desc>
+## <param name="file_type">
## The type of the to be associated.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_associate',`
@@ -65,16 +65,16 @@ interface(`fs_associate',`
########################################
## <interface name="fs_associate_noxattr">
-## <description>
+## <desc>
## Associate the specified file type to
## filesystems which lack extended attributes
## support. This allows a file of this type
## to be created on a filesystem such as
## FAT32, and NFS.
-## </description>
-## <parameter name="file_type">
+## </desc>
+## <param name="file_type">
## The type of the to be associated.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_associate_noxattr',`
@@ -88,14 +88,14 @@ interface(`fs_associate_noxattr',`
########################################
## <interface name="fs_mount_xattr_fs">
-## <description>
+## <desc>
## Mount a persistent filesystem which
## has extended attributes, such as
## ext3, JFS, or XFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_xattr_fs',`
@@ -109,15 +109,15 @@ interface(`fs_mount_xattr_fs',`
########################################
## <interface name="fs_remount_xattr_fs">
-## <description>
+## <desc>
## Remount a persistent filesystem which
## has extended attributes, such as
## ext3, JFS, or XFS. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_xattr_fs',`
@@ -131,14 +131,14 @@ interface(`fs_remount_xattr_fs',`
########################################
## <interface name="fs_unmount_xattr_fs">
-## <description>
+## <desc>
## Unmount a persistent filesystem which
## has extended attributes, such as
## ext3, JFS, or XFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_xattr_fs',`
@@ -152,15 +152,15 @@ interface(`fs_unmount_xattr_fs',`
########################################
## <interface name="fs_getattr_xattr_fs">
-## <description>
+## <desc>
## Get the attributes of a persistent
## filesystem which has extended
## attributes, such as ext3, JFS, or XFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_xattr_fs',`
@@ -174,15 +174,15 @@ interface(`fs_getattr_xattr_fs',`
########################################
## <interface name="fs_dontaudit_getattr_xattr_fs">
-## <description>
+## <desc>
## Do not audit attempts to
## get the attributes of a persistent
## filesystem which has extended
## attributes, such as ext3, JFS, or XFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_dontaudit_getattr_xattr_fs',`
@@ -196,14 +196,14 @@ interface(`fs_dontaudit_getattr_xattr_fs',`
########################################
## <interface name="fs_relabelfrom_xattr_fs">
-## <description>
+## <desc>
## Allow changing of the label of a
## filesystem with extended attributes
## using the context= mount option.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_relabelfrom_xattr_fs',`
@@ -217,12 +217,12 @@ interface(`fs_relabelfrom_xattr_fs',`
########################################
## <interface name="fs_mount_autofs">
-## <description>
+## <desc>
## Mount an automount pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_autofs',`
@@ -237,13 +237,13 @@ interface(`fs_mount_autofs',`
########################################
## <interface name="fs_remount_autofs">
-## <description>
+## <desc>
## Remount an automount pseudo filesystem
## This allows some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_autofs',`
@@ -257,12 +257,12 @@ interface(`fs_remount_autofs',`
########################################
## <interface name="fs_unmount_autofs">
-## <description>
+## <desc>
## Unmount an automount pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_autofs',`
@@ -276,14 +276,14 @@ interface(`fs_unmount_autofs',`
########################################
## <interface name="fs_getattr_autofs">
-## <description>
+## <desc>
## Get the attributes of an automount
## pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_autofs',`
@@ -297,7 +297,7 @@ interface(`fs_getattr_autofs',`
########################################
## <interface name="fs_register_binary_executable_type">
-## <description>
+## <desc>
## Register an interpreter for new binary
## file types, using the kernel binfmt_misc
## support. A common use for this is to
@@ -305,11 +305,11 @@ interface(`fs_getattr_autofs',`
## Java byte code. Registered binaries
## can be directly executed on a command line
## without specifying the interpreter.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain registering
## the interpreter.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_register_binary_executable_type',`
@@ -325,12 +325,12 @@ interface(`fs_register_binary_executable_type',`
########################################
## <interface name="fs_mount_cifs">
-## <description>
+## <desc>
## Mount a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_cifs',`
@@ -344,13 +344,13 @@ interface(`fs_mount_cifs',`
########################################
## <interface name="fs_remount_cifs">
-## <description>
+## <desc>
## Remount a CIFS or SMB network filesystem.
## This allows some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_cifs',`
@@ -364,12 +364,12 @@ interface(`fs_remount_cifs',`
########################################
## <interface name="fs_unmount_cifs">
-## <description>
+## <desc>
## Unmount a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_cifs',`
@@ -383,14 +383,14 @@ interface(`fs_unmount_cifs',`
########################################
## <interface name="fs_getattr_cifs">
-## <description>
+## <desc>
## Get the attributes of a CIFS or
## SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_cifs',`
@@ -404,12 +404,12 @@ interface(`fs_getattr_cifs',`
########################################
## <interface name="fs_read_cifs_files">
-## <description>
+## <desc>
## Read files on a CIFS or SMB filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain reading the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_read_cifs_files',`
@@ -425,13 +425,13 @@ interface(`fs_read_cifs_files',`
########################################
## <interface name="fs_dontaudit_rw_cifs_files">
-## <description>
+## <desc>
## Do not audit attempts to read or
## write files on a CIFS or SMB filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_dontaudit_rw_cifs_files',`
@@ -445,12 +445,12 @@ interface(`fs_dontaudit_rw_cifs_files',`
########################################
## <interface name="fs_read_cifs_symlinks">
-## <description>
+## <desc>
## Read symbolic links on a CIFS or SMB filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain reading the symbolic links.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_read_cifs_symlinks',`
@@ -466,14 +466,14 @@ interface(`fs_read_cifs_symlinks',`
########################################
## <interface name="fs_execute_cifs_files">
-## <description>
+## <desc>
## Execute files on a CIFS or SMB
## network filesystem, in the caller
## domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain executing the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_execute_cifs_files',`
@@ -488,13 +488,13 @@ interface(`fs_execute_cifs_files',`
########################################
## <interface name="fs_dontaudit_rw_cifs_files">
-## <description>
+## <desc>
## Do not audit attempts to read or
## write files on a CIFS or SMB filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_read_cifs_files',`
@@ -508,13 +508,13 @@ interface(`fs_read_cifs_files',`
########################################
## <interface name="fs_manage_cifs_dirs">
-## <description>
+## <desc>
## Create, read, write, and delete directories
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the directories.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_cifs_dirs',`
@@ -528,13 +528,13 @@ interface(`fs_manage_cifs_dirs',`
########################################
## <interface name="fs_manage_cifs_files">
-## <description>
+## <desc>
## Create, read, write, and delete files
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_cifs_files',`
@@ -550,13 +550,13 @@ interface(`fs_manage_cifs_files',`
########################################
## <interface name="fs_manage_cifs_symlinks">
-## <description>
+## <desc>
## Create, read, write, and delete symbolic links
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the symbolic links.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_cifs_symlinks',`
@@ -572,13 +572,13 @@ interface(`fs_manage_cifs_symlinks',`
########################################
## <interface name="fs_manage_cifs_named_pipes">
-## <description>
+## <desc>
## Create, read, write, and delete named pipes
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the pipes.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_cifs_named_pipes',`
@@ -594,13 +594,13 @@ interface(`fs_manage_cifs_named_pipes',`
########################################
## <interface name="fs_manage_cifs_named_sockets">
-## <description>
+## <desc>
## Create, read, write, and delete named sockets
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the sockets.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_cifs_named_sockets',`
@@ -616,13 +616,13 @@ interface(`fs_manage_cifs_named_sockets',`
########################################
## <interface name="fs_mount_dos_fs">
-## <description>
+## <desc>
## Mount a DOS filesystem, such as
## FAT32 or NTFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_dos_fs',`
@@ -636,14 +636,14 @@ interface(`fs_mount_dos_fs',`
########################################
## <interface name="fs_remount_dos_fs">
-## <description>
+## <desc>
## Remount a DOS filesystem, such as
## FAT32 or NTFS. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_dos_fs',`
@@ -657,13 +657,13 @@ interface(`fs_remount_dos_fs',`
########################################
## <interface name="fs_unmount_dos_fs">
-## <description>
+## <desc>
## Unmount a DOS filesystem, such as
## FAT32 or NTFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_dos_fs',`
@@ -677,14 +677,14 @@ interface(`fs_unmount_dos_fs',`
########################################
## <interface name="fs_getattr_dos_fs">
-## <description>
+## <desc>
## Get the attributes of a DOS
## filesystem, such as FAT32 or NTFS.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_dos_fs',`
@@ -698,13 +698,13 @@ interface(`fs_getattr_dos_fs',`
########################################
## <interface name="fs_relabelfrom_dos_fs">
-## <description>
+## <desc>
## Allow changing of the label of a
## DOS filesystem using the context= mount option.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_relabelfrom_dos_fs',`
@@ -718,13 +718,13 @@ interface(`fs_relabelfrom_dos_fs',`
########################################
## <interface name="fs_mount_iso9660_fs">
-## <description>
+## <desc>
## Mount an iso9660 filesystem, which
## is usually used on CDs.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_iso9660_fs',`
@@ -738,14 +738,14 @@ interface(`fs_mount_iso9660_fs',`
########################################
## <interface name="fs_remount_iso9660_fs">
-## <description>
+## <desc>
## Remount an iso9660 filesystem, which
## is usually used on CDs. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_iso9660_fs',`
@@ -759,13 +759,13 @@ interface(`fs_remount_iso9660_fs',`
########################################
## <interface name="fs_unmount_iso9660_fs">
-## <description>
+## <desc>
## Unmount an iso9660 filesystem, which
## is usually used on CDs.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_iso9660_fs',`
@@ -779,14 +779,14 @@ interface(`fs_unmount_iso9660_fs',`
########################################
## <interface name="fs_mount_iso9660_fs">
-## <description>
+## <desc>
## Get the attributes of an iso9660
## filesystem, which is usually used on CDs.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_iso9660_fs',`
@@ -800,12 +800,12 @@ interface(`fs_getattr_iso9660_fs',`
########################################
## <interface name="fs_mount_nfs">
-## <description>
+## <desc>
## Mount a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_nfs',`
@@ -819,13 +819,13 @@ interface(`fs_mount_nfs',`
########################################
## <interface name="fs_remount_nfs">
-## <description>
+## <desc>
## Remount a NFS filesystem. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_nfs',`
@@ -839,12 +839,12 @@ interface(`fs_remount_nfs',`
########################################
## <interface name="fs_mount_nfs">
-## <description>
+## <desc>
## Unmount a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_nfs',`
@@ -858,13 +858,13 @@ interface(`fs_unmount_nfs',`
########################################
## <interface name="fs_getattr_nfs">
-## <description>
+## <desc>
## Get the attributes of a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_nfs',`
@@ -878,12 +878,12 @@ interface(`fs_getattr_nfs',`
########################################
## <interface name="fs_read_nfs_files">
-## <description>
+## <desc>
## Read files on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain reading the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_read_nfs_files',`
@@ -899,12 +899,12 @@ interface(`fs_read_nfs_files',`
########################################
## <interface name="fs_execute_nfs_files">
-## <description>
+## <desc>
## Execute files on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain executing the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_execute_nfs_files',`
@@ -919,13 +919,13 @@ interface(`fs_execute_nfs_files',`
########################################
## <interface name="fs_dontaudit_rw_nfs_files">
-## <description>
+## <desc>
## Do not audit attempts to read or
## write files on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_dontaudit_rw_nfs_files',`
@@ -939,12 +939,12 @@ interface(`fs_dontaudit_rw_nfs_files',`
########################################
## <interface name="fs_read_nfs_symlinks">
-## <description>
+## <desc>
## Read symbolic links on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain reading the symbolic links.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_read_nfs_symlinks',`
@@ -960,13 +960,13 @@ interface(`fs_read_nfs_symlinks',`
########################################
## <interface name="fs_manage_nfs_dirs">
-## <description>
+## <desc>
## Create, read, write, and delete directories
## on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the directories.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_nfs_dirs',`
@@ -980,13 +980,13 @@ interface(`fs_manage_nfs_dirs',`
########################################
## <interface name="fs_manage_nfs_files">
-## <description>
+## <desc>
## Create, read, write, and delete files
## on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the files.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_nfs_files',`
@@ -1002,13 +1002,13 @@ interface(`fs_manage_nfs_files',`
#########################################
## <interface name="fs_manage_nfs_symlinks">
-## <description>
+## <desc>
## Create, read, write, and delete symbolic links
## on a CIFS or SMB network filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the symbolic links.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_nfs_symlinks',`
@@ -1024,13 +1024,13 @@ interface(`fs_manage_nfs_symlinks',`
#########################################
## <interface name="fs_manage_nfs_named_pipes">
-## <description>
+## <desc>
## Create, read, write, and delete named pipes
## on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the pipes.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_nfs_named_pipes',`
@@ -1046,13 +1046,13 @@ interface(`fs_manage_nfs_named_pipes',`
#########################################
## <interface name="fs_manage_nfs_named_sockets">
-## <description>
+## <desc>
## Create, read, write, and delete named sockets
## on a NFS filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain managing the sockets.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_nfs_named_sockets',`
@@ -1068,12 +1068,12 @@ interface(`fs_manage_nfs_named_sockets',`
########################################
## <interface name="fs_mount_nfsd_fs">
-## <description>
+## <desc>
## Mount a NFS server pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_nfsd_fs',`
@@ -1087,13 +1087,13 @@ interface(`fs_mount_nfsd_fs',`
########################################
## <interface name="fs_remount_nfsd_fs">
-## <description>
+## <desc>
## Mount a NFS server pseudo filesystem.
## This allows some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_nfsd_fs',`
@@ -1107,12 +1107,12 @@ interface(`fs_remount_nfsd_fs',`
########################################
## <interface name="fs_unmount_nfsd_fs">
-## <description>
+## <desc>
## Unmount a NFS server pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_nfsd_fs',`
@@ -1126,14 +1126,14 @@ interface(`fs_unmount_nfsd_fs',`
########################################
## <interface name="fs_getattr_nfsd_fs">
-## <description>
+## <desc>
## Get the attributes of a NFS server
## pseudo filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_nfsd_fs',`
@@ -1147,12 +1147,12 @@ interface(`fs_getattr_nfsd_fs',`
########################################
## <interface name="fs_mount_ramfs">
-## <description>
+## <desc>
## Mount a RAM filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_ramfs',`
@@ -1166,13 +1166,13 @@ interface(`fs_mount_ramfs',`
########################################
## <interface name="fs_remount_ramfs">
-## <description>
+## <desc>
## Remount a RAM filesystem. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_ramfs',`
@@ -1186,12 +1186,12 @@ interface(`fs_remount_ramfs',`
########################################
## <interface name="fs_unmount_ramfs">
-## <description>
+## <desc>
## Unmount a RAM filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_ramfs',`
@@ -1205,13 +1205,13 @@ interface(`fs_unmount_ramfs',`
########################################
## <interface name="fs_getattr_ramfs">
-## <description>
+## <desc>
## Get the attributes of a RAM filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_ramfs',`
@@ -1225,12 +1225,12 @@ interface(`fs_getattr_ramfs',`
########################################
## <interface name="fs_mount_romfs">
-## <description>
+## <desc>
## Mount a ROM filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_romfs',`
@@ -1244,13 +1244,13 @@ interface(`fs_mount_romfs',`
########################################
## <interface name="fs_remount_romfs">
-## <description>
+## <desc>
## Remount a ROM filesystem. This allows
## some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_romfs',`
@@ -1264,12 +1264,12 @@ interface(`fs_remount_romfs',`
########################################
## <interface name="fs_unmount_romfs">
-## <description>
+## <desc>
## Unmount a ROM filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_romfs',`
@@ -1283,14 +1283,14 @@ interface(`fs_unmount_romfs',`
########################################
## <interface name="fs_getattr_romfs">
-## <description>
+## <desc>
## Get the attributes of a ROM
## filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_romfs',`
@@ -1304,12 +1304,12 @@ interface(`fs_getattr_romfs',`
########################################
## <interface name="fs_mount_rpc_pipefs">
-## <description>
+## <desc>
## Mount a RPC pipe filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_rpc_pipefs',`
@@ -1323,13 +1323,13 @@ interface(`fs_mount_rpc_pipefs',`
########################################
## <interface name="fs_remount_rpc_pipefs">
-## <description>
+## <desc>
## Remount a RPC pipe filesystem. This
## allows some mount option to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_rpc_pipefs',`
@@ -1343,12 +1343,12 @@ interface(`fs_remount_rpc_pipefs',`
########################################
## <interface name="fs_unmount_rpc_pipefs">
-## <description>
+## <desc>
## Unmount a RPC pipe filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_rpc_pipefs',`
@@ -1362,14 +1362,14 @@ interface(`fs_unmount_rpc_pipefs',`
########################################
## <interface name="fs_getattr_rpc_pipefs">
-## <description>
+## <desc>
## Get the attributes of a RPC pipe
## filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_rpc_pipefs',`
@@ -1383,12 +1383,12 @@ interface(`fs_getattr_rpc_pipefs',`
########################################
## <interface name="fs_mount_tmpfs">
-## <description>
+## <desc>
## Mount a tmpfs filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_tmpfs',`
@@ -1402,12 +1402,12 @@ interface(`fs_mount_tmpfs',`
########################################
## <interface name="fs_remount_tmpfs">
-## <description>
+## <desc>
## Remount a tmpfs filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain remounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_tmpfs',`
@@ -1421,12 +1421,12 @@ interface(`fs_remount_tmpfs',`
########################################
## <interface name="fs_unmount_tmpfs">
-## <description>
+## <desc>
## Unmount a tmpfs filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_tmpfs',`
@@ -1440,14 +1440,14 @@ interface(`fs_unmount_tmpfs',`
########################################
## <interface name="fs_getattr_tmpfs">
-## <description>
+## <desc>
## Get the attributes of a tmpfs
## filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_tmpfs',`
@@ -1461,12 +1461,12 @@ interface(`fs_getattr_tmpfs',`
########################################
## <interface name="fs_associate_tmpfs">
-## <description>
+## <desc>
## Allow the type to associate to tmpfs filesystems.
-## </description>
-## <parameter name="type">
+## </desc>
+## <param name="type">
## The type of the object to be associated.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_associate_tmpfs',`
@@ -1501,12 +1501,12 @@ interface(`fs_create_tmpfs_data',`
########################################
## <interface name="fs_use_tmpfs_character_devices">
-## <description>
+## <desc>
## Read and write character nodes on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_use_tmpfs_character_devices',`
@@ -1522,12 +1522,12 @@ interface(`fs_use_tmpfs_character_devices',`
########################################
## <interface name="fs_relabel_tmpfs_character_devices">
-## <description>
+## <desc>
## Relabel character nodes on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_relabel_tmpfs_character_devices',`
@@ -1543,12 +1543,12 @@ interface(`fs_relabel_tmpfs_character_devices',`
########################################
## <interface name="fs_use_tmpfs_block_devices">
-## <description>
+## <desc>
## Read and write block nodes on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_use_tmpfs_block_devices',`
@@ -1564,12 +1564,12 @@ interface(`fs_use_tmpfs_block_devices',`
########################################
## <interface name="fs_relabel_tmpfs_block_devices">
-## <description>
+## <desc>
## Relabel block nodes on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_relabel_tmpfs_block_devices',`
@@ -1585,13 +1585,13 @@ interface(`fs_relabel_tmpfs_block_devices',`
########################################
## <interface name="fs_manage_tmpfs_character_devices">
-## <description>
+## <desc>
## Read and write, create and delete character
## nodes on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_tmpfs_character_devices',`
@@ -1607,13 +1607,13 @@ interface(`fs_manage_tmpfs_character_devices',`
########################################
## <interface name="fs_manage_tmpfs_block_devices">
-## <description>
+## <desc>
## Read and write, create and delete block nodes
## on tmpfs filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_manage_tmpfs_block_devices',`
@@ -1629,12 +1629,12 @@ interface(`fs_manage_tmpfs_block_devices',`
########################################
## <interface name="fs_mount_all_fs">
-## <description>
+## <desc>
## Mount all filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_mount_all_fs',`
@@ -1648,13 +1648,13 @@ interface(`fs_mount_all_fs',`
########################################
## <interface name="fs_remount_all_fs">
-## <description>
+## <desc>
## Remount all filesystems. This
## allows some mount options to be changed.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain mounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_remount_all_fs',`
@@ -1668,12 +1668,12 @@ interface(`fs_remount_all_fs',`
########################################
## <interface name="fs_unmount_all_fs">
-## <description>
+## <desc>
## Unmount all filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain unmounting the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_unmount_all_fs',`
@@ -1687,14 +1687,14 @@ interface(`fs_unmount_all_fs',`
########################################
## <interface name="fs_getattr_all_fs">
-## <description>
+## <desc>
## Get the attributes of all persistent
## filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain doing the
## getattr on the filesystem.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_getattr_all_fs',`
@@ -1708,13 +1708,13 @@ interface(`fs_getattr_all_fs',`
########################################
## <interface name="fs_dontaudit_getattr_all_fs">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes
## all filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_dontaudit_getattr_all_fs',`
@@ -1728,12 +1728,12 @@ interface(`fs_dontaudit_getattr_all_fs',`
########################################
## <interface name="fs_get_all_fs_quotas">
-## <description>
+## <desc>
## Get the quotas of all filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain getting quotas.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_get_all_fs_quotas',`
@@ -1747,12 +1747,12 @@ interface(`fs_get_all_fs_quotas',`
########################################
## <interface name="fs_set_all_quotas">
-## <description>
+## <desc>
## Set the quotas of all filesystems.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain setting quotas.
-## </parameter>
+## </param>
## </interface>
#
interface(`fs_set_all_quotas',`
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 8c13fdf..601a219 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -6,16 +6,16 @@
########################################
## <interface name="kernel_userland_entry">
-## <description>
+## <desc>
## Allows to start userland processes
## by transitioning to the specified domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type entered by kernel.
-## </parameter>
-## <parameter name="entrypoint">
+## </param>
+## <param name="entrypoint">
## The executable type for the entrypoint.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_userland_entry',`
@@ -36,13 +36,13 @@ interface(`kernel_userland_entry',`
########################################
## <interface name="kernel_rootfs_mountpoint">
-## <description>
+## <desc>
## Allows the kernel to mount filesystems on
## the specified directory type.
-## </description>
-## <parameter name="directory_type">
+## </desc>
+## <param name="directory_type">
## The type of the directory to use as a mountpoint.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rootfs_mountpoint',`
@@ -56,12 +56,12 @@ interface(`kernel_rootfs_mountpoint',`
########################################
## <interface name="kernel_sigchld">
-## <description>
+## <desc>
## Send a SIGCHLD signal to kernel threads.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process sending the signal.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_sigchld',`
@@ -75,13 +75,13 @@ interface(`kernel_sigchld',`
########################################
## <interface name="kernel_share_state">
-## <description>
+## <desc>
## Allows the kernel to share state information with
## the caller.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process with which to share state information.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_share_state',`
@@ -95,12 +95,12 @@ interface(`kernel_share_state',`
########################################
## <interface name="kernel_use_fd">
-## <description>
+## <desc>
## Permits caller to use kernel file descriptors.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process using the descriptors.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_use_fd',`
@@ -114,13 +114,13 @@ interface(`kernel_use_fd',`
########################################
## <interface name="kernel_dontaudit_use_fd">
-## <description>
+## <desc>
## Do not audit attempts to use
## kernel file descriptors.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of process not to audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_use_fd',`
@@ -134,12 +134,12 @@ interface(`kernel_dontaudit_use_fd',`
########################################
## <interface name="kernel_load_module">
-## <description>
+## <desc>
## Allows caller to load kernel modules
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to allow to load kernel modules.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_load_module',`
@@ -154,12 +154,12 @@ interface(`kernel_load_module',`
########################################
## <interface name="kernel_read_ring_buffer">
-## <description>
+## <desc>
## Allows caller to read the ring buffer.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type allowed to read the ring buffer.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_ring_buffer',`
@@ -173,12 +173,12 @@ interface(`kernel_read_ring_buffer',`
########################################
## <interface name="kernel_dontaudit_read_ring_buffer">
-## <description>
+## <desc>
## Do not audit attempts to read the ring buffer.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_read_ring_buffer',`
@@ -192,12 +192,12 @@ interface(`kernel_dontaudit_read_ring_buffer',`
########################################
## <interface name="kernel_change_ring_buffer_level">
-## <description>
+## <desc>
##
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
##
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_change_ring_buffer_level',`
@@ -211,12 +211,12 @@ interface(`kernel_change_ring_buffer_level',`
########################################
## <interface name="kernel_clear_ring_buffer">
-## <description>
+## <desc>
## Allows the caller to clear the ring buffer.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type clearing the buffer.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_clear_ring_buffer',`
@@ -230,12 +230,12 @@ interface(`kernel_clear_ring_buffer',`
########################################
## <interface name="kernel_get_sysvipc_info">
-## <description>
+## <desc>
## Get information on all System V IPC objects.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
##
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_get_sysvipc_info',`
@@ -249,12 +249,12 @@ interface(`kernel_get_sysvipc_info',`
########################################
## <interface name="kernel_read_system_state">
-## <description>
+## <desc>
## Allows caller to read system state information.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type reading the system state information.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_system_state',`
@@ -272,13 +272,13 @@ interface(`kernel_read_system_state',`
########################################
## <interface name="kernel_dontaudit_read_system_state">
-## <description>
+## <desc>
## Do not audit attempts by caller to
## read system state information.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type not to audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_read_system_state',`
@@ -292,12 +292,12 @@ interface(`kernel_dontaudit_read_system_state',`
#######################################
## <interface name="kernel_read_software_raid_state">
-## <description>
+## <desc>
## Allow caller to read the state information for software raid.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type reading software raid state.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_software_raid_state',`
@@ -313,12 +313,12 @@ interface(`kernel_read_software_raid_state',`
########################################
## <interface name="kernel_getattr_core">
-## <description>
+## <desc>
## Allows caller to get attribues of core kernel interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type getting the attibutes.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_getattr_core',`
@@ -334,13 +334,13 @@ interface(`kernel_getattr_core',`
########################################
## <interface name="kernel_dontaudit_getattr_core">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes of
## core kernel interfaces.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_getattr_core',`
@@ -354,13 +354,13 @@ interface(`kernel_dontaudit_getattr_core',`
########################################
## <interface name="kernel_read_messages">
-## <description>
+## <desc>
## Allow caller to read kernel messages
## using the /proc/kmsg interface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type reading the messages.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_messages',`
@@ -378,13 +378,13 @@ interface(`kernel_read_messages',`
########################################
## <interface name="kernel_getattr_message_if">
-## <description>
+## <desc>
## Allow caller to get the attributes of kernel message
## interface (/proc/kmsg).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type getting the attributes.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_getattr_message_if',`
@@ -400,13 +400,13 @@ interface(`kernel_getattr_message_if',`
########################################
## <interface name="kernel_dontaudit_getattr_message_if">
-## <description>
+## <desc>
## Do not audit attempts by caller to get the attributes of kernel
## message interfaces.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type not to audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_getattr_message_if',`
@@ -420,12 +420,12 @@ interface(`kernel_dontaudit_getattr_message_if',`
########################################
## <interface name="kernel_read_network_state">
-## <description>
+## <desc>
## Allow caller to read the network state information.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type reading the state.
-## </parameter>
+## </param>
## </interface>
##
#
@@ -443,12 +443,12 @@ interface(`kernel_read_network_state',`
########################################
## <interface name="kernel_dontaudit_search_sysctl_dir">
-## <description>
+## <desc>
## Do not audit attempts by caller to search the sysctl directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type not to audit.
-## </parameter>
+## </param>
## </interface>
##
#
@@ -463,12 +463,12 @@ interface(`kernel_dontaudit_search_sysctl_dir',`
########################################
## <interface name="kernel_read_device_sysctl">
-## <description>
+## <desc>
## Allow caller to read the device sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to allow to read the device sysctls.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_device_sysctl',`
@@ -486,12 +486,12 @@ interface(`kernel_read_device_sysctl',`
########################################
## <interface name="kernel_rw_device_sysctl">
-## <description>
+## <desc>
## Read and write device sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_device_sysctl',`
@@ -508,12 +508,12 @@ interface(`kernel_rw_device_sysctl',`
########################################
## <interface name="kernel_read_vm_sysctl">
-## <description>
+## <desc>
## Allow caller to read virtual memory sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
##
#
@@ -531,12 +531,12 @@ interface(`kernel_read_vm_sysctl',`
########################################
## <interface name="kernel_rw_vm_sysctl">
-## <description>
+## <desc>
## Read and write virtual memory sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_vm_sysctl',`
@@ -553,12 +553,12 @@ interface(`kernel_rw_vm_sysctl',`
########################################
## <interface name="kernel_dontaudit_search_network_sysctl_dir">
-## <description>
+## <desc>
## Do not audit attempts by caller to search sysctl network directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type not to audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_search_network_sysctl_dir',`
@@ -572,12 +572,12 @@ interface(`kernel_dontaudit_search_network_sysctl_dir',`
########################################
## <interface name="kernel_read_net_sysctl">
-## <description>
+## <desc>
## Allow caller to read network sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
##
#
@@ -596,12 +596,12 @@ interface(`kernel_read_net_sysctl',`
########################################
## <interface name="kernel_rw_net_sysctl">
-## <description>
+## <desc>
## Allow caller to modiry contents of sysctl network files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_net_sysctl',`
@@ -619,13 +619,13 @@ interface(`kernel_rw_net_sysctl',`
########################################
## <interface name="kernel_read_unix_sysctl">
-## <description>
+## <desc>
## Allow caller to read unix domain
## socket sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_unix_sysctl',`
@@ -643,13 +643,13 @@ interface(`kernel_read_unix_sysctl',`
########################################
## <interface name="kernel_rw_unix_sysctl">
-## <description>
+## <desc>
## Read and write unix domain
## socket sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_unix_sysctl',`
@@ -667,12 +667,12 @@ interface(`kernel_rw_unix_sysctl',`
########################################
## <interface name="kernel_read_hotplug_sysctl">
-## <description>
+## <desc>
## Read the hotplug sysctl.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_hotplug_sysctl',`
@@ -690,12 +690,12 @@ interface(`kernel_read_hotplug_sysctl',`
########################################
## <interface name="kernel_rw_hotplug_sysctl">
-## <description>
+## <desc>
## Read and write the hotplug sysctl.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_hotplug_sysctl',`
@@ -713,12 +713,12 @@ interface(`kernel_rw_hotplug_sysctl',`
########################################
## <interface name="kernel_read_modprobe_sysctl">
-## <description>
+## <desc>
## Read the modprobe sysctl.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_modprobe_sysctl',`
@@ -736,12 +736,12 @@ interface(`kernel_read_modprobe_sysctl',`
########################################
## <interface name="kernel_rw_modprobe_sysctl">
-## <description>
+## <desc>
## Read and write the modprobe sysctl.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_modprobe_sysctl',`
@@ -759,12 +759,12 @@ interface(`kernel_rw_modprobe_sysctl',`
########################################
## <interface name="kernel_read_kernel_sysctl">
-## <description>
+## <desc>
## Read generic kernel sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_kernel_sysctl',`
@@ -782,12 +782,12 @@ interface(`kernel_read_kernel_sysctl',`
########################################
## <interface name="kernel_rw_kernel_sysctl">
-## <description>
+## <desc>
## Read and write generic kernel sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_kernel_sysctl',`
@@ -805,12 +805,12 @@ interface(`kernel_rw_kernel_sysctl',`
########################################
## <interface name="kernel_read_fs_sysctl">
-## <description>
+## <desc>
## Read filesystem sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_fs_sysctl',`
@@ -828,12 +828,12 @@ interface(`kernel_read_fs_sysctl',`
########################################
## <interface name="kernel_rw_fs_sysctl">
-## <description>
+## <desc>
## Read and write fileystem sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_fs_sysctl',`
@@ -851,12 +851,12 @@ interface(`kernel_rw_fs_sysctl',`
########################################
## <interface name="kernel_read_irq_sysctl">
-## <description>
+## <desc>
## Read IRQ sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_irq_sysctl',`
@@ -873,12 +873,12 @@ interface(`kernel_read_irq_sysctl',`
########################################
## <interface name="kernel_rw_irq_sysctl">
-## <description>
+## <desc>
## Read and write IRQ sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
##
#
@@ -930,12 +930,12 @@ interface(`kernel_rw_rpc_sysctl',`
########################################
## <interface name="kernel_read_all_sysctl">
-## <description>
+## <desc>
## Allow caller to read all sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_read_all_sysctl',`
@@ -953,12 +953,12 @@ interface(`kernel_read_all_sysctl',`
########################################
## <interface name="kernel_rw_all_sysctl">
-## <description>
+## <desc>
## Read and write all sysctls.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_rw_all_sysctl',`
@@ -976,12 +976,12 @@ interface(`kernel_rw_all_sysctl',`
########################################
## <interface name="kernel_kill_unlabeled">
-## <description>
+## <desc>
## Send a kill signal to unlabeled processes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_kill_unlabeled',`
@@ -995,12 +995,12 @@ interface(`kernel_kill_unlabeled',`
########################################
## <interface name="kernel_signal_unlabeled">
-## <description>
+## <desc>
## Send general signals to unlabeled processes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_signal_unlabeled',`
@@ -1014,12 +1014,12 @@ interface(`kernel_signal_unlabeled',`
########################################
## <interface name="kernel_signull_unlabeled">
-## <description>
+## <desc>
## Send a null signal to unlabeled processes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_signull_unlabeled',`
@@ -1033,12 +1033,12 @@ interface(`kernel_signull_unlabeled',`
########################################
## <interface name="kernel_sigstop_unlabeled">
-## <description>
+## <desc>
## Send a stop signal to unlabeled processes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_sigstop_unlabeled',`
@@ -1052,12 +1052,12 @@ interface(`kernel_sigstop_unlabeled',`
########################################
## <interface name="kernel_sigchld_unlabeled">
-## <description>
+## <desc>
## Send a child terminated signal to unlabeled processes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_sigchld_unlabeled',`
@@ -1071,13 +1071,13 @@ interface(`kernel_sigchld_unlabeled',`
########################################
## <interface name="kernel_dontaudit_getattr_unlabeled_blk_dev">
-## <description>
+## <desc>
## Do not audit attempts by caller to get attributes for
## unlabeled block devices.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type not to audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
@@ -1091,12 +1091,12 @@ interface(`kernel_dontaudit_getattr_unlabeled_blk_dev',`
########################################
## <interface name="kernel_relabel_unlabeled">
-## <description>
+## <desc>
## Allow caller to relabel unlabeled objects.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type relabeling the objects.
-## </parameter>
+## </param>
## </interface>
#
interface(`kernel_relabel_unlabeled',`
diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if
index 52e5c8d..61592aa 100644
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@@ -5,12 +5,12 @@
########################################
## <interface name="selinux_get_fs_mount">
-## <description>
+## <desc>
## Gets the caller the mountpoint of the selinuxfs filesystem.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type requesting the selinuxfs mountpoint.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_get_fs_mount',`
@@ -21,13 +21,13 @@ interface(`selinux_get_fs_mount',`
########################################
## <interface name="selinux_get_enforce_mode">
-## <description>
+## <desc>
## Allows the caller to get the mode of policy enforcement
## (enforcing or permissive mode).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to allow to get the enforcing mode.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_get_enforce_mode',`
@@ -43,13 +43,13 @@ interface(`selinux_get_enforce_mode',`
########################################
## <interface name="selinux_set_enforce_mode">
-## <description>
+## <desc>
## Allow caller to set the mode of policy enforcement
## (enforcing or permissive mode).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to allow to set the enforcement mode.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_set_enforce_mode',`
@@ -70,12 +70,12 @@ interface(`selinux_set_enforce_mode',`
########################################
## <interface name="selinux_load_policy">
-## <description>
+## <desc>
## Allow caller to load the policy into the kernel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type that will load the policy.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_load_policy',`
@@ -96,16 +96,16 @@ interface(`selinux_load_policy',`
########################################
## <interface name="selinux_set_boolean">
-## <description>
+## <desc>
## Allow caller to set the state of Booleans to
## enable or disable conditional portions of the policy.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type allowed to set the Boolean.
-## </parameter>
-## <parameter name="booltype" optional="true">
+## </param>
+## <param name="booltype" optional="true">
## The type of Booleans the caller is allowed to set.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_set_boolean',`
@@ -131,12 +131,12 @@ interface(`selinux_set_boolean',`
########################################
## <interface name="selinux_set_parameters">
-## <description>
+## <desc>
## Allow caller to set selinux security parameters.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to allow to set security parameters.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_set_parameters',`
@@ -157,12 +157,12 @@ interface(`selinux_set_parameters',`
########################################
## <interface name="selinux_validate_context">
-## <description>
+## <desc>
## Allows caller to validate security contexts.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type permitted to validate contexts.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_validate_context',`
@@ -180,12 +180,12 @@ interface(`selinux_validate_context',`
########################################
## <interface name="selinux_compute_access_vector">
-## <description>
+## <desc>
## Allows caller to compute an access vector.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type allowed to compute an access vector.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_compute_access_vector',`
@@ -203,12 +203,12 @@ interface(`selinux_compute_access_vector',`
########################################
## <interface name="selinux_compute_create_context">
-## <description>
+## <desc>
##
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
##
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_compute_create_context',`
@@ -226,12 +226,12 @@ interface(`selinux_compute_create_context',`
########################################
## <interface name="selinux_compute_relabel_context">
-## <description>
+## <desc>
##
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_compute_relabel_context',`
@@ -249,12 +249,12 @@ interface(`selinux_compute_relabel_context',`
########################################
## <interface name="selinux_compute_user_contexts">
-## <description>
+## <desc>
## Allows caller to compute possible contexts for a user.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type allowed to compute user contexts.
-## </parameter>
+## </param>
## </interface>
#
interface(`selinux_compute_user_contexts',`
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index d6c1a70..f4f9325 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -3,13 +3,13 @@
########################################
## <interface name="storage_getattr_fixed_disk">
-## <description>
+## <desc>
## Allow the caller to get the attributes of fixed disk
## device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_getattr_fixed_disk',`
@@ -24,13 +24,13 @@ interface(`storage_getattr_fixed_disk',`
########################################
## <interface name="storage_dontaudit_getattr_fixed_disk">
-## <description>
+## <desc>
## Do not audit attempts made by the caller to get
## the attributes of fixed disk device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_dontaudit_getattr_fixed_disk',`
@@ -44,13 +44,13 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
########################################
## <interface name="storage_setattr_fixed_disk">
-## <description>
+## <desc>
## Allow the caller to set the attributes of fixed disk
## device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_setattr_fixed_disk',`
@@ -65,13 +65,13 @@ interface(`storage_setattr_fixed_disk',`
########################################
## <interface name="storage_dontaudit_setattr_fixed_disk">
-## <description>
+## <desc>
## Do not audit attempts made by the caller to set
## the attributes of fixed disk device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_dontaudit_setattr_fixed_disk',`
@@ -85,15 +85,15 @@ interface(`storage_dontaudit_setattr_fixed_disk',`
########################################
## <interface name="storage_raw_read_fixed_disk">
-## <description>
+## <desc>
## Allow the caller to directly read from a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_read_fixed_disk',`
@@ -110,15 +110,15 @@ interface(`storage_raw_read_fixed_disk',`
########################################
## <interface name="storage_raw_write_fixed_disk">
-## <description>
+## <desc>
## Allow the caller to directly write to a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_write_fixed_disk',`
@@ -135,12 +135,12 @@ interface(`storage_raw_write_fixed_disk',`
########################################
## <interface name="storage_create_fixed_disk">
-## <description>
+## <desc>
## Create block devices in /dev with the fixed disk type.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_create_fixed_disk_dev_entry',`
@@ -157,12 +157,12 @@ interface(`storage_create_fixed_disk_dev_entry',`
########################################
## <interface name="storage_manage_fixed_disk">
-## <description>
+## <desc>
## Create, read, write, and delete fixed disk device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_manage_fixed_disk',`
@@ -179,15 +179,15 @@ interface(`storage_manage_fixed_disk',`
########################################
## <interface name="storage_raw_read_lvm_volume">
-## <description>
+## <desc>
## Allow the caller to directly read from a logical volume.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_read_lvm_volume',`
@@ -204,15 +204,15 @@ interface(`storage_raw_read_lvm_volume',`
########################################
## <interface name="storage_raw_write_lvm_volume">
-## <description>
+## <desc>
## Allow the caller to directly read from a logical volume.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_write_lvm_volume',`
@@ -229,13 +229,13 @@ interface(`storage_raw_write_lvm_volume',`
########################################
## <interface name="storage_getattr_scsi_generic">
-## <description>
+## <desc>
## Allow the caller to get the attributes of
## the generic SCSI interface device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_getattr_scsi_generic',`
@@ -250,13 +250,13 @@ interface(`storage_getattr_scsi_generic',`
########################################
## <interface name="storage_setattr_scsi_generic">
-## <description>
+## <desc>
## Allow the caller to set the attributes of
## the generic SCSI interface device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_setattr_scsi_generic',`
@@ -271,16 +271,16 @@ interface(`storage_setattr_scsi_generic',`
########################################
## <interface name="storage_read_scsi_generic">
-## <description>
+## <desc>
## Allow the caller to directly read, in a
## generic fashion, from any SCSI device.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_read_scsi_generic',`
@@ -297,16 +297,16 @@ interface(`storage_read_scsi_generic',`
########################################
## <interface name="storage_write_scsi_generic">
-## <description>
+## <desc>
## Allow the caller to directly write, in a
## generic fashion, from any SCSI device.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_write_scsi_generic',`
@@ -323,13 +323,13 @@ interface(`storage_write_scsi_generic',`
########################################
## <interface name="storage_getattr_scsi_generic">
-## <description>
+## <desc>
## Get attributes of the device nodes
## for the SCSI generic inerface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_getattr_scsi_generic',`
@@ -344,13 +344,13 @@ interface(`storage_getattr_scsi_generic',`
########################################
## <interface name="storage_setattr_scsi_generic">
-## <description>
+## <desc>
## Set attributes of the device nodes
## for the SCSI generic inerface.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_set_scsi_generic_attributes',`
@@ -365,13 +365,13 @@ interface(`storage_set_scsi_generic_attributes',`
########################################
## <interface name="storage_getattr_removable_device">
-## <description>
+## <desc>
## Allow the caller to get the attributes of removable
## devices device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_getattr_removable_device',`
@@ -386,13 +386,13 @@ interface(`storage_getattr_removable_device',`
########################################
## <interface name="storage_dontaudit_getattr_removable_device">
-## <description>
+## <desc>
## Do not audit attempts made by the caller to get
## the attributes of removable devices device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_dontaudit_getattr_removable_device',`
@@ -406,13 +406,13 @@ interface(`storage_dontaudit_getattr_removable_device',`
########################################
## <interface name="storage_setattr_removable_device">
-## <description>
+## <desc>
## Allow the caller to set the attributes of removable
## devices device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_setattr_removable_device',`
@@ -427,13 +427,13 @@ interface(`storage_setattr_removable_device',`
########################################
## <interface name="storage_dontaudit_setattr_removable_device">
-## <description>
+## <desc>
## Do not audit attempts made by the caller to set
## the attributes of removable devices device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_dontaudit_setattr_removable_device',`
@@ -447,16 +447,16 @@ interface(`storage_dontaudit_setattr_removable_device',`
########################################
## <interface name="storage_raw_read_removable_device">
-## <description>
+## <desc>
## Allow the caller to directly read from
## a removable device.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_read_removable_device',`
@@ -471,16 +471,16 @@ interface(`storage_raw_read_removable_device',`
########################################
## <interface name="storage_raw_write_removable_device">
-## <description>
+## <desc>
## Allow the caller to directly write to
## a removable device.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_raw_write_removable_device',`
@@ -495,13 +495,13 @@ interface(`storage_raw_write_removable_device',`
########################################
## <interface name="storage_read_tape_device">
-## <description>
+## <desc>
## Allow the caller to directly read
## a tape device.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_read_tape_device',`
@@ -516,13 +516,13 @@ interface(`storage_read_tape_device',`
########################################
## <interface name="storage_write_tape_device">
-## <description>
+## <desc>
## Allow the caller to directly read
## a tape device.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_write_tape_device',`
@@ -537,13 +537,13 @@ interface(`storage_write_tape_device',`
########################################
## <interface name="storage_getattr_tape_device">
-## <description>
+## <desc>
## Allow the caller to get the attributes
## of device nodes of tape devices.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_getattr_tape_device',`
@@ -558,13 +558,13 @@ interface(`storage_getattr_tape_device',`
########################################
## <interface name="storage_setattr_tape_device">
-## <description>
+## <desc>
## Allow the caller to set the attributes
## of device nodes of tape devices.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`storage_setattr_tape_device',`
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 181effd..4fbefc2 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -3,12 +3,12 @@
########################################
## <interface name="term_pty">
-## <description>
+## <desc>
## Transform specified type into a pty type.
-## </description>
-## <parameter name="pty_type">
+## </desc>
+## <param name="pty_type">
## An object type that will applied to a pty.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_pty',`
@@ -24,18 +24,18 @@ interface(`term_pty',`
########################################
## <interface name="term_user_pty">
-## <description>
+## <desc>
## Transform specified type into an user
## pty type. This allows it to be relabeled via
## type change by login programs such as ssh.
-## </description>
-## <parameter name="userdomain">
+## </desc>
+## <param name="userdomain">
## The type of the user domain associated with
## this pty.
-## </parameter>
-## <parameter name="object_type">
+## </param>
+## <param name="object_type">
## An object type that will applied to a pty.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_user_pty',`
@@ -49,13 +49,13 @@ interface(`term_user_pty',`
########################################
## <interface name="term_login_pty">
-## <description>
+## <desc>
## Transform specified type into a pty type
## used by login programs, such as sshd.
-## </description>
-## <parameter name="pty_type">
+## </desc>
+## <param name="pty_type">
## An object type that will applied to a pty.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_login_pty',`
@@ -69,12 +69,12 @@ interface(`term_login_pty',`
########################################
## <interface name="term_tty">
-## <description>
+## <desc>
## Transform specified type into a tty type.
-## </description>
-## <parameter name="tty_type">
+## </desc>
+## <param name="tty_type">
## An object type that will applied to a tty.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_tty',`
@@ -99,15 +99,15 @@ interface(`term_tty',`
########################################
## <interface name="term_create_pty">
-## <description>
+## <desc>
## Create a pty in the /dev/pts directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process creating the pty.
-## </parameter>
-## <parameter name="pty_type">
+## </param>
+## <param name="pty_type">
## The type of the pty.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_create_pty',`
@@ -129,13 +129,13 @@ interface(`term_create_pty',`
########################################
## <interface name="term_use_all_terms">
-## <description>
+## <desc>
## Read and write the console, all
## ttys and all ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_all_terms',`
@@ -153,12 +153,12 @@ interface(`term_use_all_terms',`
########################################
## <interface name="term_write_console">
-## <description>
+## <desc>
## Write to the console.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_write_console',`
@@ -173,12 +173,12 @@ interface(`term_write_console',`
########################################
## <interface name="term_use_console">
-## <description>
+## <desc>
## Read from and write to the console.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_console',`
@@ -193,13 +193,13 @@ interface(`term_use_console',`
########################################
## <interface name="term_dontaudit_use_console">
-## <description>
+## <desc>
## Do not audit attemtps to read from
## or write to the console.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_console',`
@@ -213,13 +213,13 @@ interface(`term_dontaudit_use_console',`
########################################
## <interface name="term_setattr_console">
-## <description>
+## <desc>
## Set the attributes of the console
## device node.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_setattr_console',`
@@ -234,13 +234,13 @@ interface(`term_setattr_console',`
########################################
## <interface name="term_list_ptys">
-## <description>
+## <desc>
## Read the /dev/pts directory to
## list all ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_list_ptys',`
@@ -255,13 +255,13 @@ interface(`term_list_ptys',`
########################################
## <interface name="term_dontaudit_list_ptys">
-## <description>
+## <desc>
## Do not audit attempts to read the
## /dev/pts directory to.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_list_ptys',`
@@ -275,14 +275,14 @@ interface(`term_dontaudit_list_ptys',`
########################################
## <interface name="term_use_generic_pty">
-## <description>
+## <desc>
## Read and write the generic pty
## type. This is generally only used in
## the targeted policy.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_generic_pty',`
@@ -297,14 +297,14 @@ interface(`term_use_generic_pty',`
########################################
## <interface name="term_dontaudit_use_generic_pty">
-## <description>
+## <desc>
## Dot not audit attempts to read and
## write the generic pty type. This is
## generally only used in the targeted policy.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_generic_pty',`
@@ -318,13 +318,13 @@ interface(`term_dontaudit_use_generic_pty',`
########################################
## <interface name="term_use_controlling_term">
-## <description>
+## <desc>
## Read and write the controlling
## terminal (/dev/tty).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_controlling_term',`
@@ -339,13 +339,13 @@ interface(`term_use_controlling_term',`
########################################
## <interface name="term_dontaudit_use_ptmx">
-## <description>
+## <desc>
## Do not audit attempts to read and
## write the pty multiplexor (/dev/ptmx).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_ptmx',`
@@ -359,13 +359,13 @@ interface(`term_dontaudit_use_ptmx',`
########################################
## <interface name="term_getattr_all_user_ptys">
-## <description>
+## <desc>
## Get the attributes of all user
## pty device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_getattr_all_user_ptys',`
@@ -382,12 +382,12 @@ interface(`term_getattr_all_user_ptys',`
########################################
## <interface name="term_use_all_user_ptys">
-## <description>
+## <desc>
## Read and write all user ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_all_user_ptys',`
@@ -404,13 +404,13 @@ interface(`term_use_all_user_ptys',`
########################################
## <interface name="term_dontaudit_use_all_user_ptys">
-## <description>
+## <desc>
## Do not audit attempts to read any
## user ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_all_user_ptys',`
@@ -424,13 +424,13 @@ interface(`term_dontaudit_use_all_user_ptys',`
########################################
## <interface name="term_relabel_all_user_ptys">
-## <description>
+## <desc>
## Relabel from and to all user
## user pty device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_relabel_all_user_ptys',`
@@ -445,13 +445,13 @@ interface(`term_relabel_all_user_ptys',`
########################################
## <interface name="term_getattr_unallocated_ttys">
-## <description>
+## <desc>
## Get the attributes of all unallocated
## tty device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_getattr_unallocated_ttys',`
@@ -466,13 +466,13 @@ interface(`term_getattr_unallocated_ttys',`
########################################
## <interface name="term_setattr_unallocated_ttys">
-## <description>
+## <desc>
## Set the attributes of all unallocated
## tty device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_setattr_unallocated_ttys',`
@@ -487,13 +487,13 @@ interface(`term_setattr_unallocated_ttys',`
########################################
## <interface name="term_relabel_unallocated_ttys">
-## <description>
+## <desc>
## Relabel from and to the unallocated
## tty type.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_relabel_unallocated_ttys',`
@@ -508,13 +508,13 @@ interface(`term_relabel_unallocated_ttys',`
########################################
## <interface name="term_reset_tty_labels">
-## <description>
+## <desc>
## Relabel from all user tty types to
## the unallocated tty type.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_reset_tty_labels',`
@@ -531,12 +531,12 @@ interface(`term_reset_tty_labels',`
########################################
## <interface name="term_write_unallocated_ttys">
-## <description>
+## <desc>
## Write to unallocated ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_write_unallocated_ttys',`
@@ -551,12 +551,12 @@ interface(`term_write_unallocated_ttys',`
########################################
## <interface name="term_use_unallocated_tty">
-## <description>
+## <desc>
## Read and write unallocated ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_unallocated_tty',`
@@ -571,13 +571,13 @@ interface(`term_use_unallocated_tty',`
########################################
## <interface name="term_dontaudit_use_unallocated_tty">
-## <description>
+## <desc>
## Do not audit attempts to read or
## write unallocated ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_unallocated_tty',`
@@ -591,13 +591,13 @@ interface(`term_dontaudit_use_unallocated_tty',`
########################################
## <interface name="term_getattr_all_user_ttys">
-## <description>
+## <desc>
## Get the attributes of all user tty
## device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_getattr_all_user_ttys',`
@@ -612,14 +612,14 @@ interface(`term_getattr_all_user_ttys',`
########################################
## <interface name="term_dontaudit_getattr_all_user_ttys">
-## <description>
+## <desc>
## Do not audit attempts to get the
## attributes of any user tty
## device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_getattr_all_user_ttys',`
@@ -634,13 +634,13 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
########################################
## <interface name="term_setattr_all_user_ttys">
-## <description>
+## <desc>
## Set the attributes of all user tty
## device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_setattr_all_user_ttys',`
@@ -655,13 +655,13 @@ interface(`term_setattr_all_user_ttys',`
########################################
## <interface name="term_relabel_all_user_ttys">
-## <description>
+## <desc>
## Relabel from and to all user
## user tty device nodes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_relabel_all_user_ttys',`
@@ -676,12 +676,12 @@ interface(`term_relabel_all_user_ttys',`
########################################
## <interface name="term_write_all_user_ttys">
-## <description>
+## <desc>
## Write to all user ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_write_all_user_ttys',`
@@ -696,12 +696,12 @@ interface(`term_write_all_user_ttys',`
########################################
## <interface name="term_use_all_user_ttys">
-## <description>
+## <desc>
## Read and write all user to all user ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_use_all_user_ttys',`
@@ -716,13 +716,13 @@ interface(`term_use_all_user_ttys',`
########################################
## <interface name="term_dontaudit_use_all_user_ttys">
-## <description>
+## <desc>
## Do not audit attempts to read or write
## any user ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`term_dontaudit_use_all_user_ttys',`
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 679f6ff..a48d3f4 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -195,12 +195,12 @@ interface(`mta_exec',`
########################################
## <interface name="mta_read_aliases">
-## <description>
+## <desc>
## Read mail address aliases.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`mta_read_aliases',`
diff --git a/refpolicy/policy/modules/services/remotelogin.if b/refpolicy/policy/modules/services/remotelogin.if
index ed1f2d0..064d244 100644
--- a/refpolicy/policy/modules/services/remotelogin.if
+++ b/refpolicy/policy/modules/services/remotelogin.if
@@ -3,12 +3,12 @@
########################################
## <interface name="remotelogin_domtrans">
-## <description>
+## <desc>
## Domain transition to the remote login domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`remotelogin_domtrans',`
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index b69e0a3..6a3d98d 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -3,12 +3,12 @@
########################################
## <interface name="sendmail_domtrans">
-## <description>
+## <desc>
## Domain transition to sendmail.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`sendmail_domtrans',`
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 1021d61..567032a 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -90,12 +90,12 @@ interface(`authlogin_per_userdomain_template',`
########################################
## <interface name="auth_login_entry_type">
-## <description>
+## <desc>
## Use the login program as an entry point program.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of process using the login program as entry point.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_login_entry_type',`
@@ -108,15 +108,15 @@ interface(`auth_login_entry_type',`
########################################
## <interface name="auth_domtrans_login_program">
-## <description>
+## <desc>
## Execute a login_program in the target domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="target_domain">
+## </param>
+## <param name="target_domain">
## The type of the login_program process.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_domtrans_login_program',`
@@ -138,12 +138,12 @@ interface(`auth_domtrans_login_program',`
########################################
## <interface name="auth_domtrans_chk_passwd">
-## <description>
+## <desc>
## Run unix_chkpwd to check a password.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_domtrans_chk_passwd',`
@@ -182,12 +182,12 @@ interface(`auth_domtrans_chk_passwd',`
########################################
## <interface name="auth_dontaudit_getattr_shadow">
-## <description>
+## <desc>
##
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_dontaudit_getattr_shadow',`
@@ -201,12 +201,12 @@ interface(`auth_dontaudit_getattr_shadow',`
########################################
## <interface name="auth_read_shadow">
-## <description>
+## <desc>
## Read the shadow passwords file (/etc/shadow)
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_read_shadow',`
@@ -223,13 +223,13 @@ interface(`auth_read_shadow',`
########################################
## <interface name="auth_dontaudit_read_shadow">
-## <description>
+## <desc>
## Do not audit attempts to read the shadow
## password file (/etc/shadow).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain to not audit.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_dontaudit_read_shadow',`
@@ -243,12 +243,12 @@ interface(`auth_dontaudit_read_shadow',`
########################################
## <interface name="auth_rw_shadow">
-## <description>
+## <desc>
## Read and write the shadow password file (/etc/shadow).
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_rw_shadow',`
@@ -326,12 +326,12 @@ interface(`auth_rw_lastlog',`
########################################
## <interface name="auth_domtrans_pam">
-## <description>
+## <desc>
## Execute pam programs in the pam domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_domtrans_pam',`
@@ -352,18 +352,18 @@ interface(`auth_domtrans_pam',`
########################################
## <interface name="auth_run_pam">
-## <description>
+## <desc>
## Execute pam programs in the PAM domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to allow the PAM domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the PAM domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_run_pam',`
@@ -379,12 +379,12 @@ interface(`auth_run_pam',`
########################################
## <interface name="auth_exec_pam">
-## <description>
+## <desc>
## Execute the pam program.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_exec_pam',`
@@ -414,12 +414,12 @@ interface(`auth_read_pam_pid',`
########################################
## <interface name="auth_delete_pam_pid">
-## <description>
+## <desc>
## Delete pam PID files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_delete_pam_pid',`
@@ -508,17 +508,17 @@ interface(`auth_manage_pam_console_data',`
########################################
## <interface name="auth_relabel_all_files_except_shadow">
-## <description>
+## <desc>
## Relabel all files on the filesystem, except
## the shadow passwords and listed exceptions.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain perfoming this action.
-## </parameter>
-## <parameter name="exception_types" optional="true">
+## </param>
+## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute
## must be negated by the caller.
-## </parameter>
+## </param>
## </interface>
#
@@ -532,17 +532,17 @@ interface(`auth_relabel_all_files_except_shadow',`
########################################
## <interface name="auth_manage_all_files_except_shadow">
-## <description>
+## <desc>
## Manage all files on the filesystem, except
## the shadow passwords and listed exceptions.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain perfoming this action.
-## </parameter>
-## <parameter name="exception_types" optional="true">
+## </param>
+## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute
## must be negated by the caller.
-## </parameter>
+## </param>
## </interface>
#
@@ -556,12 +556,12 @@ interface(`auth_manage_all_files_except_shadow',`
########################################
## <interface name="auth_domtrans_utempter">
-## <description>
+## <desc>
## Execute utempter programs in the utempter domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_domtrans_utempter',`
@@ -582,18 +582,18 @@ interface(`auth_domtrans_utempter',`
########################################
## <interface name="auth_run_utempter">
-## <description>
+## <desc>
## Execute utempter programs in the utempter domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to allow the utempter domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the utempter domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`auth_run_utempter',`
diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if
index 71fd8ab..3e9f853 100644
--- a/refpolicy/policy/modules/system/clock.if
+++ b/refpolicy/policy/modules/system/clock.if
@@ -3,12 +3,12 @@
########################################
## <interface name="clock_domtrans">
-## <description>
+## <desc>
## Execute hwclock in the clock domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`clock_domtrans',`
@@ -28,19 +28,19 @@ interface(`clock_domtrans',`
########################################
## <interface name="clock_run">
-## <description>
+## <desc>
## Execute hwclock in the clock domain, and
## allow the specified role the hwclock domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the clock domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the clock domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`clock_run',`
@@ -56,12 +56,12 @@ interface(`clock_run',`
########################################
## <interface name="clock_exec">
-## <description>
+## <desc>
## Execute hwclock
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`clock_exec',`
@@ -74,12 +74,12 @@ interface(`clock_exec',`
########################################
## <interface name="clock_rw_adjtime">
-## <description>
+## <desc>
## Allow executing domain to modify clock drift
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`clock_rw_adjtime',`
diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if
index 77ab469..5496e11 100644
--- a/refpolicy/policy/modules/system/corecommands.if
+++ b/refpolicy/policy/modules/system/corecommands.if
@@ -149,17 +149,17 @@ interface(`corecmd_exec_ls',`
########################################
## <interface name="corecmd_shell_spec_domtrans">
-## <description>
+## <desc>
## Execute a shell in the target domain. This
## is an explicit transition, requiring the
## caller to use setexeccon().
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="target_domain">
+## </param>
+## <param name="target_domain">
## The type of the shell process.
-## </parameter>
+## </param>
## </interface>
#
interface(`corecmd_shell_spec_domtrans',`
@@ -185,15 +185,15 @@ interface(`corecmd_shell_spec_domtrans',`
########################################
## <interface name="corecmd_domtrans_shell">
-## <description>
+## <desc>
## Execute a shell in the target domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="target_domain">
+## </param>
+## <param name="target_domain">
## The type of the shell process.
-## </parameter>
+## </param>
## </interface>
#
interface(`corecmd_domtrans_shell',`
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index 4088072..163fc4e 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -93,13 +93,13 @@ interface(`domain_dyntrans_type',`
########################################
## <interface name="domain_subj_id_change_exempt">
-## <description>
+## <desc>
## Makes caller an exception to the constraint preventing
## changing of user identity.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to make an exception to the constraint.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_subj_id_change_exempt',`
@@ -112,13 +112,13 @@ interface(`domain_subj_id_change_exempt',`
########################################
## <interface name="domain_role_change_exempt">
-## <description>
+## <desc>
## Makes caller an exception to the constraint preventing
## changing of role.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to make an exception to the constraint.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_role_change_exempt',`
@@ -131,13 +131,13 @@ interface(`domain_role_change_exempt',`
########################################
## <interface name="domain_obj_id_change_exempt">
-## <description>
+## <desc>
## Makes caller an exception to the constraint preventing
## changing the user identity in object contexts.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The process type to make an exception to the constraint.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_obj_id_change_exempt',`
@@ -189,12 +189,12 @@ interface(`domain_setpriority_all_domains',`
########################################
## <interface name="domain_signal_all_domains">
-## <description>
+## <desc>
## Send general signals to all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_signal_all_domains',`
@@ -208,12 +208,12 @@ interface(`domain_signal_all_domains',`
########################################
## <interface name="domain_signull_all_domains">
-## <description>
+## <desc>
## Send a null signal to all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_signull_all_domains',`
@@ -227,12 +227,12 @@ interface(`domain_signull_all_domains',`
########################################
## <interface name="domain_sigstop_all_domains">
-## <description>
+## <desc>
## Send a stop signal to all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_sigstop_all_domains',`
@@ -246,12 +246,12 @@ interface(`domain_sigstop_all_domains',`
########################################
## <interface name="domain_sigchld_all_domains">
-## <description>
+## <desc>
## Send a child terminated signal to all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_sigchld_all_domains',`
@@ -265,12 +265,12 @@ interface(`domain_sigchld_all_domains',`
########################################
## <interface name="domain_kill_all_domains">
-## <description>
+## <desc>
## Send a kill signal to all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_kill_all_domains',`
@@ -286,12 +286,12 @@ interface(`domain_kill_all_domains',`
########################################
## <interface name="domain_read_all_domains_state">
-## <description>
+## <desc>
## Read the process state (/proc/pid) of all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_read_all_domains_state',`
@@ -317,13 +317,13 @@ interface(`domain_read_all_domains_state',`
########################################
## <interface name="domain_dontaudit_list_all_domains_proc">
-## <description>
+## <desc>
## Do not audit attempts to read the process state
## directories of all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_dontaudit_list_all_domains_proc',`
@@ -337,12 +337,12 @@ interface(`domain_dontaudit_list_all_domains_proc',`
########################################
## <interface name="domain_getsession_all_domains">
-## <description>
+## <desc>
## Get the session ID of all domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_getsession_all_domains',`
@@ -356,13 +356,13 @@ interface(`domain_getsession_all_domains',`
########################################
## <interface name="domain_dontaudit_getattr_all_udp_sockets">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes
## of all domains UDP sockets.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_dontaudit_getattr_all_udp_sockets',`
@@ -376,13 +376,13 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
########################################
## <interface name="domain_dontaudit_getattr_all_tcp_sockets">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes
## of all domains TCP sockets.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_dontaudit_getattr_all_tcp_sockets',`
@@ -396,13 +396,13 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
########################################
## <interface name="domain_dontaudit_getattr_all_unix_dgram_sockets">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes
## of all domains unix datagram sockets.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
@@ -416,13 +416,13 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
########################################
## <interface name="domain_dontaudit_getattr_all_unnamed_pipes">
-## <description>
+## <desc>
## Do not audit attempts to get the attributes
## of all domains unnamed pipes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`domain_dontaudit_getattr_all_unnamed_pipes',`
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 7510c01..53fc9d3 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -2,7 +2,7 @@
## <summary>
## Basic filesystem types and interfaces.
## </summary>
-## <description>
+## <desc>
## <p>
## This module contains basic filesystem types and interfaces. This
## includes:
@@ -14,7 +14,7 @@
## (/, /etc, /tmp, /usr, etc.).</li>
## </ul>
## </p>
-## </description>
+## </desc>
########################################
#
@@ -84,13 +84,13 @@ interface(`files_tmp_file',`
########################################
## <interface name="files_tmpfs_file">
-## <description>
+## <desc>
## Transform the type into a file, for use on a
## virtual memory filesystem (tmpfs).
-## </description>
-## <parameter name="type">
+## </desc>
+## <param name="type">
## The type to be transformed.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_tmpfs_file',`
@@ -126,17 +126,17 @@ interface(`files_getattr_all_files',`
########################################
## <interface name="files_relabel_all_files">
-## <description>
+## <desc>
## Relabel all files on the filesystem, except
## the listed exceptions.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain perfoming this action.
-## </parameter>
-## <parameter name="exception_types" optional="true">
+## </param>
+## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute
## must be negated by the caller.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_relabel_all_files',`
@@ -165,17 +165,17 @@ interface(`files_relabel_all_files',`
########################################
## <interface name="files_manage_all_files">
-## <description>
+## <desc>
## Manage all files on the filesystem, except
## the listed exceptions.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the domain perfoming this action.
-## </parameter>
-## <parameter name="exception_types" optional="true">
+## </param>
+## <param name="exception_types" optional="true">
## The types to be excluded. Each type or attribute
## must be negated by the caller.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_manage_all_files',`
@@ -307,23 +307,23 @@ interface(`files_list_root',`
########################################
## <interface name="files_create_root">
-## <description>
+## <desc>
## Create an object in the root directory, with a private
## type. If no object class is specified, the
## default is file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="private type" optional="true">
+## </param>
+## <param name="private type" optional="true">
## The type of the object to be created. If no type
## is specified, the type of the root directory will
## be used.
-## </parameter>
-## <parameter name="object" optional="true">
+## </param>
+## <param name="object" optional="true">
## The object class of the object being created. If
## no class is specified, file will be used.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_create_root',`
@@ -499,12 +499,12 @@ interface(`files_manage_generic_etc_files',`
########################################
## <interface name="files_delete_generic_etc_files">
-## <description>
+## <desc>
## Delete system configuration files in /etc.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_delete_generic_etc_files',`
@@ -643,12 +643,12 @@ interface(`files_dontaudit_search_isid_type_dir',`
########################################
## <interface name="files_list_home">
-## <description>
+## <desc>
## Get listing home home directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_list_home',`
@@ -744,12 +744,12 @@ interface(`files_read_usr_files',`
########################################
## <interface name="files_exec_usr_files">
-## <description>
+## <desc>
## Execute programs in /usr/src in the caller domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_exec_usr_files',`
@@ -811,12 +811,12 @@ interface(`files_dontaudit_search_var',`
########################################
## <interface name="files_search_var_lib">
-## <description>
+## <desc>
## Search the /var/lib directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_search_var_lib',`
@@ -988,12 +988,12 @@ interface(`files_rw_generic_pids',`
########################################
## <interface name="files_dontaudit_write_all_pids">
-## <description>
+## <desc>
## Do not audit attempts to write to daemon runtime data files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_dontaudit_write_all_pids',`
@@ -1007,12 +1007,12 @@ interface(`files_dontaudit_write_all_pids',`
########################################
## <interface name="files_dontaudit_ioctl_all_pids">
-## <description>
+## <desc>
## Do not audit attempts to ioctl daemon runtime data files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`files_dontaudit_ioctl_all_pids',`
diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if
index adef284..a1d895f 100644
--- a/refpolicy/policy/modules/system/getty.if
+++ b/refpolicy/policy/modules/system/getty.if
@@ -3,12 +3,12 @@
########################################
## <interface name="getty_domtrans">
-## <description>
+## <desc>
## Execute gettys in the getty domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`getty_domtrans',`
@@ -30,12 +30,12 @@ interface(`getty_domtrans',`
########################################
## <interface name="getty_read_log">
-## <description>
+## <desc>
## Allow process to read getty log file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`getty_read_log',`
@@ -50,12 +50,12 @@ interface(`getty_read_log',`
########################################
## <interface name="getty_read_config">
-## <description>
+## <desc>
## Allow process to read getty config file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`getty_read_config',`
@@ -70,12 +70,12 @@ interface(`getty_read_config',`
########################################
## <interface name="getty_modify_config">
-## <description>
+## <desc>
## Allow process to edit getty config file.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`getty_modify_config',`
diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
index 9d0f67c..52cdcca 100644
--- a/refpolicy/policy/modules/system/hostname.if
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -3,13 +3,13 @@
########################################
## <interface name="hostname_domtrans">
-## <description>
+## <desc>
## Execute hostname in the hostname domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
## Has a sigchld signal backchannel.
-## </parameter>
+## </param>
## </interface>
#
interface(`hostname_domtrans',`
@@ -31,20 +31,20 @@ interface(`hostname_domtrans',`
########################################
## <interface name="hostname_run">
-## <description>
+## <desc>
## Execute hostname in the hostname domain, and
## allow the specified role the hostname domain.
## Has a sigchld signal backchannel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the hostname domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the hostname domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`hostname_run',`
@@ -60,13 +60,13 @@ interface(`hostname_run',`
########################################
## <interface name="hostname_exec">
-## <description>
+## <desc>
## Execute hostname in the hostname domain, and
## Has a sigchld signal backchannel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`hostname_exec',`
diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if
index 94ec505..842f950 100644
--- a/refpolicy/policy/modules/system/hotplug.if
+++ b/refpolicy/policy/modules/system/hotplug.if
@@ -79,12 +79,12 @@ interface(`hotplug_dontaudit_search_config',`
########################################
## <interface name="hotplug_read_config">
-## <description>
+## <desc>
## Read the configuration files for hotplug.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`hotplug_read_config',`
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index ef2354f..c7ecd2d 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -261,12 +261,12 @@ interface(`init_exec_script',`
########################################
## <interface name="init_read_script_process_state">
-## <description>
+## <desc>
## Read the process state (/proc/pid) of the init scripts.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`init_read_script_process_state',`
@@ -331,12 +331,12 @@ interface(`init_get_script_process_group',`
########################################
## <interface name="init_rw_script_pipe">
-## <description>
+## <desc>
## Read and write init script unnamed pipes.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`init_rw_script_pipe',`
@@ -377,12 +377,12 @@ interface(`init_dontaudit_use_script_pty',`
########################################
## <interface name="init_rw_script_tmp_files">
-## <description>
+## <desc>
## Read and write init script temporary data.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`init_rw_script_tmp_files',`
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index 60d4da5..d8783d0 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -3,12 +3,12 @@
########################################
## <interface name="iptables_domtrans">
-## <description>
+## <desc>
## Execute iptables in the iptables domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`iptables_domtrans',`
@@ -30,19 +30,19 @@ interface(`iptables_domtrans',`
########################################
## <interface name="iptables_run">
-## <description>
+## <desc>
## Execute iptables in the iptables domain, and
## allow the specified role the iptables domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the iptables domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the iptables domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`iptables_run',`
@@ -58,12 +58,12 @@ interface(`iptables_run',`
########################################
## <interface name="iptables_exec">
-## <description>
+## <desc>
## Execute iptables in the caller domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`iptables_exec',`
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index 2cd42f0..08449e0 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -3,12 +3,12 @@
########################################
## <interface name="libs_domtrans_ldconfig">
-## <description>
+## <desc>
## Execute ldconfig in the ldconfig domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_domtrans_ldconfig',`
@@ -30,18 +30,18 @@ interface(`libs_domtrans_ldconfig',`
########################################
## <interface name="libs_run_ldconfig">
-## <description>
+## <desc>
## Execute ldconfig in the ldconfig domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to allow the ldconfig domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the ldconfig domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_run_ldconfig',`
@@ -57,13 +57,13 @@ interface(`libs_run_ldconfig',`
########################################
## <interface name="libs_use_ld_so">
-## <description>
+## <desc>
## Use the dynamic link/loader for automatic loading
## of shared libraries.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_use_ld_so',`
@@ -84,13 +84,13 @@ interface(`libs_use_ld_so',`
########################################
## <interface name="libs_legacy_use_ld_so">
-## <description>
+## <desc>
## Use the dynamic link/loader for automatic loading
## of shared libraries with legacy support.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_legacy_use_ld_so',`
@@ -106,14 +106,14 @@ interface(`libs_legacy_use_ld_so',`
########################################
## <interface name="libs_exec_ld_so">
-## <description>
+## <desc>
## Execute the dynamic link/loader in the caller's
## domain. This is commonly needed for the
## /usr/bin/ldd program.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_exec_ld_so',`
@@ -131,13 +131,13 @@ interface(`libs_exec_ld_so',`
########################################
## <interface name="libs_rw_ld_so_cache">
-## <description>
+## <desc>
## Modify the dynamic link/loader's cached listing
## of shared libraries.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_rw_ld_so_cache',`
@@ -152,12 +152,12 @@ interface(`libs_rw_ld_so_cache',`
########################################
## <interface name="libs_search_lib">
-## <description>
+## <desc>
## Search lib directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_search_lib',`
@@ -171,13 +171,13 @@ interface(`libs_search_lib',`
########################################
## <interface name="libs_read_lib">
-## <description>
+## <desc>
## Read files in the library directories, such
## as static libraries.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_read_lib',`
@@ -195,12 +195,12 @@ interface(`libs_read_lib',`
########################################
## <interface name="libs_exec_lib_files">
-## <description>
+## <desc>
## Execute library scripts in the caller domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_exec_lib_files',`
@@ -218,12 +218,12 @@ interface(`libs_exec_lib_files',`
########################################
## <interface name="libs_use_shared_libs">
-## <description>
+## <desc>
## Load and execute functions from shared libraries.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_use_shared_libs',`
@@ -243,13 +243,13 @@ interface(`libs_use_shared_libs',`
########################################
## <interface name="libs_legacy_use_shared_libs">
-## <description>
+## <desc>
## Load and execute functions from shared libraries,
## with legacy support.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`libs_legacy_use_shared_libs',`
diff --git a/refpolicy/policy/modules/system/locallogin.if b/refpolicy/policy/modules/system/locallogin.if
index f089e62..fa9d179 100644
--- a/refpolicy/policy/modules/system/locallogin.if
+++ b/refpolicy/policy/modules/system/locallogin.if
@@ -3,12 +3,12 @@
########################################
## <interface name="locallogin_domtrans">
-## <description>
+## <desc>
## Execute local logins in the locallogin domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`locallogin_domtrans',`
@@ -21,12 +21,12 @@ interface(`locallogin_domtrans',`
########################################
## <interface name="locallogin_use_fd">
-## <description>
+## <desc>
## Allow processes to inherit local login file descriptors
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`locallogin_use_fd',`
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index b4271bd..4dcd83f 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -61,14 +61,14 @@ interface(`logging_send_syslog_msg',`
########################################
## <interface name="logging_search_logs">
-## <description>
+## <desc>
## Allows the domain to open a file in the
## log directory, but does not allow the listing
## of the contents of the log directory.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`logging_search_logs',`
diff --git a/refpolicy/policy/modules/system/lvm.if b/refpolicy/policy/modules/system/lvm.if
index 9e90c7d..9b2a325 100644
--- a/refpolicy/policy/modules/system/lvm.if
+++ b/refpolicy/policy/modules/system/lvm.if
@@ -3,12 +3,12 @@
########################################
## <interface name="lvm_domtrans">
-## <description>
+## <desc>
## Execute lvm programs in the lvm domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`lvm_domtrans',`
@@ -30,18 +30,18 @@ interface(`lvm_domtrans',`
########################################
## <interface name="lvm_run">
-## <description>
+## <desc>
## Execute lvm programs in the lvm domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to allow the LVM domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the LVM domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`lvm_run',`
@@ -57,12 +57,12 @@ interface(`lvm_run',`
########################################
## <interface name="lvm_read_config">
-## <description>
+## <desc>
## Read LVM configuration files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`lvm_read_config',`
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index 385af70..99549df 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -3,13 +3,13 @@
########################################
## <interface name="miscfiles_rw_man_cache">
-## <description>
+## <desc>
## Allow process to create files and dirs in /var/cache/man
## and /var/catman/
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## Type type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`miscfiles_rw_man_cache',`
@@ -26,12 +26,12 @@ interface(`miscfiles_rw_man_cache',`
########################################
## <interface name="miscfiles_read_fonts">
-## <description>
+## <desc>
## Allow process to read fonts files
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## Type type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`miscfiles_read_fonts',`
@@ -51,12 +51,12 @@ interface(`miscfiles_read_fonts',`
########################################
## <interface name="miscfiles_read_localization">
-## <description>
+## <desc>
## Allow process to read localization info
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## Type type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`miscfiles_read_localization',`
@@ -80,12 +80,12 @@ interface(`miscfiles_read_localization',`
########################################
## <interface name="miscfiles_legacy_read_localization">
-## <description>
+## <desc>
## Allow process to read legacy time localization info
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## Type type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`miscfiles_legacy_read_localization',`
@@ -100,12 +100,12 @@ interface(`miscfiles_legacy_read_localization',`
########################################
## <interface name="miscfiles_read_man_pages">
-## <description>
+## <desc>
## Allow process to read manpages
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## Type type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`miscfiles_read_man_pages',`
diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if
index 46af240..8c9eb47 100644
--- a/refpolicy/policy/modules/system/modutils.if
+++ b/refpolicy/policy/modules/system/modutils.if
@@ -3,12 +3,12 @@
########################################
## <interface name="modutils_read_kernel_module_dependencies">
-## <description>
+## <desc>
## Read the dependencies of kernel modules.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_read_kernel_module_dependencies',`
@@ -23,13 +23,13 @@ interface(`modutils_read_kernel_module_dependencies',`
########################################
## <interface name="modutils_read_module_conf">
-## <description>
+## <desc>
## Read the configuration options used when
## loading modules.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_read_module_conf',`
@@ -48,12 +48,12 @@ interface(`modutils_read_module_conf',`
########################################
## <interface name="modutils_domtrans_insmod">
-## <description>
+## <desc>
## Execute insmod in the insmod domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_domtrans_insmod',`
@@ -75,21 +75,21 @@ interface(`modutils_domtrans_insmod',`
########################################
## <interface name="modutils_run_insmod">
-## <description>
+## <desc>
## Execute insmod in the insmod domain, and
## allow the specified role the insmod domain,
## and use the caller's terminal. Has a sigchld
## backchannel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the insmod domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the insmod domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_run_insmod',`
@@ -118,12 +118,12 @@ interface(`modutils_exec_insmod',`
########################################
## <interface name="modutils_domtrans_depmod">
-## <description>
+## <desc>
## Execute depmod in the depmod domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_domtrans_depmod',`
@@ -145,18 +145,18 @@ interface(`modutils_domtrans_depmod',`
########################################
## <interface name="modutils_run_depmod">
-## <description>
+## <desc>
## Execute depmod in the depmod domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the depmod domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the depmod domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_run_depmod',`
@@ -185,12 +185,12 @@ interface(`modutils_exec_depmod',`
########################################
## <interface name="modutils_domtrans_update_mods">
-## <description>
+## <desc>
## Execute depmod in the depmod domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_domtrans_update_mods',`
@@ -212,18 +212,18 @@ interface(`modutils_domtrans_update_mods',`
########################################
## <interface name="modutils_run_update_mods">
-## <description>
+## <desc>
## Execute update_modules in the update_modules domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the update_modules domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the update_modules domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`modutils_run_update_mods',`
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index 3c63e29..ec6c88a 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -3,12 +3,12 @@
########################################
## <interface name="mount_domtrans">
-## <description>
+## <desc>
## Execute mount in the mount domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`mount_domtrans',`
@@ -29,20 +29,20 @@ interface(`mount_domtrans',`
########################################
## <interface name="mount_run">
-## <description>
+## <desc>
## Execute mount in the mount domain, and
## allow the specified role the mount domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the mount domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the mount domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`mount_run',`
@@ -58,12 +58,12 @@ interface(`mount_run',`
########################################
## <interface name="mount_use_fd">
-## <description>
+## <desc>
## Use file descriptors for mount.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`mount_use_fd',`
@@ -77,13 +77,13 @@ interface(`mount_use_fd',`
########################################
## <interface name="mount_send_nfs_client_request">
-## <description>
+## <desc>
## Allow the mount domain to send nfs requests for mounting
## network drives
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`mount_send_nfs_client_request',`
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 0767bb7..e42bd22 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -3,12 +3,12 @@
#######################################
## <interface name="seutil_domtrans_checkpol">
-## <description>
+## <desc>
## Execute checkpolicy in the checkpolicy domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_checkpol',`
@@ -31,21 +31,21 @@ interface(`seutil_domtrans_checkpol',`
########################################
## <interface name="seutil_run_checkpol">
-## <description>
+## <desc>
## Execute checkpolicy in the checkpolicy domain, and
## allow the specified role the checkpolicy domain,
## and use the caller's terminal.
## Has a SIGCHLD signal backchannel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the checkpolicy domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the checkpolicy domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_checkpol',`
@@ -75,12 +75,12 @@ interface(`seutil_exec_checkpol',`
#######################################
## <interface name="seutil_domtrans_loadpol">
-## <description>
+## <desc>
## Execute load_policy in the load_policy domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_loadpol',`
@@ -102,21 +102,21 @@ interface(`seutil_domtrans_loadpol',`
########################################
## <interface name="seutil_run_loadpol">
-## <description>
+## <desc>
## Execute load_policy in the load_policy domain, and
## allow the specified role the load_policy domain,
## and use the caller's terminal.
## Has a SIGCHLD signal backchannel.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the load_policy domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the load_policy domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_loadpol',`
@@ -159,12 +159,12 @@ interface(`seutil_read_loadpol',`
#######################################
## <interface name="seutil_domtrans_newrole">
-## <description>
+## <desc>
## Execute newrole in the load_policy domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_newrole',`
@@ -187,20 +187,20 @@ interface(`seutil_domtrans_newrole',`
########################################
## <interface name="seutil_run_newrole">
-## <description>
+## <desc>
## Execute newrole in the newrole domain, and
## allow the specified role the newrole domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the newrole domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the newrole domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_newrole',`
@@ -230,13 +230,13 @@ interface(`seutil_exec_newrole',`
########################################
## <interface name="seutil_dontaudit_newrole_signal">
-## <description>
+## <desc>
## Do not audit the caller attempts to send
## a signal to newrole.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_dontaudit_newrole_signal',`
@@ -276,12 +276,12 @@ interface(`seutil_use_newrole_fd',`
#######################################
## <interface name="seutil_domtrans_restorecon">
-## <description>
+## <desc>
## Execute restorecon in the restorecon domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_restorecon',`
@@ -303,20 +303,20 @@ interface(`seutil_domtrans_restorecon',`
########################################
## <interface name="seutil_run_restorecon">
-## <description>
+## <desc>
## Execute restorecon in the restorecon domain, and
## allow the specified role the restorecon domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the restorecon domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the restorecon domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_restorecon',`
@@ -345,12 +345,12 @@ interface(`seutil_exec_restorecon',`
########################################
## <interface name="seutil_domtrans_runinit">
-## <description>
+## <desc>
## Execute run_init in the run_init domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_runinit',`
@@ -373,20 +373,20 @@ interface(`seutil_domtrans_runinit',`
########################################
## <interface name="seutil_run_runinit">
-## <description>
+## <desc>
## Execute run_init in the run_init domain, and
## allow the specified role the run_init domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the run_init domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the run_init domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_runinit',`
@@ -415,12 +415,12 @@ interface(`seutil_use_runinit_fd',`
########################################
## <interface name="seutil_domtrans_setfiles">
-## <description>
+## <desc>
## Execute setfiles in the setfiles domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_domtrans_setfiles',`
@@ -443,20 +443,20 @@ interface(`seutil_domtrans_setfiles',`
########################################
## <interface name="seutil_run_setfiles">
-## <description>
+## <desc>
## Execute setfiles in the setfiles domain, and
## allow the specified role the setfiles domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the setfiles domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the setfiles domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_run_setfiles',`
@@ -572,12 +572,12 @@ interface(`seutil_create_binary_pol',`
########################################
## <interface name="seutil_relabelto_binary_pol">
-## <description>
+## <desc>
## Allow the caller to relabel a file to the binary policy type.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`seutil_relabelto_binary_pol',`
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index d5a0808..1aa265d 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -3,12 +3,12 @@
#######################################
## <interface name="sysnet_domtrans_dhcpc">
-## <description>
+## <desc>
## Execute dhcp client in dhcpc domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`sysnet_domtrans_dhcpc',`
@@ -30,12 +30,12 @@ interface(`sysnet_domtrans_dhcpc',`
#######################################
## <interface name="sysnet_domtrans_ifconfig">
-## <description>
+## <desc>
## Execute ifconfig in the ifconfig domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`sysnet_domtrans_ifconfig',`
@@ -57,20 +57,20 @@ interface(`sysnet_domtrans_ifconfig',`
########################################
## <interface name="sysnet_run_ifconfig">
-## <description>
+## <desc>
## Execute ifconfig in the ifconfig domain, and
## allow the specified role the ifconfig domain,
## and use the caller's terminal.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
-## <parameter name="role">
+## </param>
+## <param name="role">
## The role to be allowed the ifconfig domain.
-## </parameter>
-## <parameter name="terminal">
+## </param>
+## <param name="terminal">
## The type of the terminal allow the ifconfig domain to use.
-## </parameter>
+## </param>
## </interface>
#
interface(`sysnet_run_ifconfig',`
@@ -87,12 +87,12 @@ interface(`sysnet_run_ifconfig',`
#######################################
## <interface name="sysnet_read_config">
-## <description>
+## <desc>
## Allow network init to read network config files.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`sysnet_read_config',`
diff --git a/refpolicy/policy/modules/system/udev.if b/refpolicy/policy/modules/system/udev.if
index 0dd6da7..33d2815 100644
--- a/refpolicy/policy/modules/system/udev.if
+++ b/refpolicy/policy/modules/system/udev.if
@@ -3,12 +3,12 @@
########################################
## <interface name="udev_domtrans">
-## <description>
+## <desc>
## Execute udev in the udev domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`udev_domtrans',`
@@ -29,12 +29,12 @@ interface(`udev_domtrans',`
########################################
## <interface name="udev_read_db">
-## <description>
+## <desc>
## Allow process to read list of devices.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`udev_read_db',`
@@ -49,12 +49,12 @@ interface(`udev_read_db',`
########################################
## <interface name="udev_rw_db">
-## <description>
+## <desc>
## Allow process to modify list of devices.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`udev_rw_db',`
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 22927d5..b05018b 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -810,14 +810,14 @@ template(`admin_domain_template',`
########################################
## <interface name="userdom_spec_domtrans_all_users">
-## <description>
+## <desc>
## Execute a shell in all user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_spec_domtrans_all_users',`
@@ -830,14 +830,14 @@ interface(`userdom_spec_domtrans_all_users',`
########################################
## <interface name="userdom_spec_domtrans_unpriv_users">
-## <description>
+## <desc>
## Execute a shell in all unprivileged user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_spec_domtrans_unpriv_users',`
@@ -850,12 +850,12 @@ interface(`userdom_spec_domtrans_unpriv_users',`
########################################
## <interface name="userdom_shell_domtrans_sysadm">
-## <description>
+## <desc>
## Execute a shell in the sysadm domain.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_shell_domtrans_sysadm',`
@@ -868,12 +868,12 @@ interface(`userdom_shell_domtrans_sysadm',`
########################################
## <interface name="userdom_use_sysadm_tty">
-## <description>
+## <desc>
## Read and write sysadm ttys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_use_sysadm_tty',`
@@ -889,12 +889,12 @@ interface(`userdom_use_sysadm_tty',`
########################################
## <interface name="userdom_use_sysadm_terms">
-## <description>
+## <desc>
## Read and write sysadm ttys and ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_use_sysadm_terms',`
@@ -910,12 +910,12 @@ interface(`userdom_use_sysadm_terms',`
########################################
## <interface name="userdom_dontaudit_use_sysadm_terms">
-## <description>
+## <desc>
## Do not audit attempts to use admin ttys and ptys.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_dontaudit_use_sysadm_terms',`
@@ -929,12 +929,12 @@ interface(`userdom_dontaudit_use_sysadm_terms',`
########################################
## <interface name="userdom_search_all_users_home">
-## <description>
+## <desc>
## Search all users home directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_search_all_users_home',`
@@ -949,12 +949,12 @@ interface(`userdom_search_all_users_home',`
########################################
## <interface name="userdom_read_all_user_data">
-## <description>
+## <desc>
## Read all files in all users home directories.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_read_all_user_data',`
@@ -971,12 +971,12 @@ interface(`userdom_read_all_user_data',`
########################################
## <interface name="userdom_use_all_user_fd">
-## <description>
+## <desc>
## Inherit the file descriptors from all user domains
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_use_all_user_fd',`
@@ -990,12 +990,12 @@ interface(`userdom_use_all_user_fd',`
########################################
## <interface name="userdom_signal_all_users">
-## <description>
+## <desc>
## Send general signals to all user domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_signal_all_users',`
@@ -1009,12 +1009,12 @@ interface(`userdom_signal_all_users',`
########################################
## <interface name="userdom_signal_unpriv_users">
-## <description>
+## <desc>
## Send general signals to unprivileged user domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_signal_unpriv_users',`
@@ -1028,12 +1028,12 @@ interface(`userdom_signal_unpriv_users',`
########################################
## <interface name="userdom_use_unpriv_users_fd">
-## <description>
+## <desc>
## Inherit the file descriptors from all user domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_use_unpriv_users_fd',`
@@ -1047,13 +1047,13 @@ interface(`userdom_use_unpriv_users_fd',`
########################################
## <interface name="userdom_dontaudit_use_unpriv_user_fd">
-## <description>
+## <desc>
## Do not audit attempts to inherit the
## file descriptors from all user domains.
-## </description>
-## <parameter name="domain">
+## </desc>
+## <param name="domain">
## The type of the process performing this action.
-## </parameter>
+## </param>
## </interface>
#
interface(`userdom_dontaudit_use_unpriv_user_fd',`
More information about the scm-commits
mailing list