[selinux-policy: 2453/3172] Improve the documentation of domain interfaces: domain_type() domain_use_interactive_fds()

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:37:48 UTC 2010


commit 88daf126f29a667808a4119a8712df790c468e85
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Mar 2 12:52:07 2010 -0500

    Improve the documentation of domain interfaces:
    domain_type()
    domain_use_interactive_fds()

 policy/modules/kernel/domain.if |   40 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 40 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 5667bcc..6c0c20b 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -35,11 +35,42 @@ interface(`domain_base_type',`
 ## <summary>
 ##	Make the specified type usable as a domain.
 ## </summary>
+## <desc>
+##	<p>
+##	Make the specified type usable as a domain.  This,
+##	or an interface that calls this interface, must be
+##	used on all types that are used as domains.
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>application_domain()</li>
+##		<li>init_daemon_domain()</li>
+##		<li>init_domaion()</li>
+##		<li>init_ranged_daemon_domain()</li>
+##		<li>init_ranged_domain()</li>
+##		<li>init_ranged_system_domain()</li>
+##		<li>init_script_domain()</li>
+##		<li>init_system_domain()</li>
+##	</ul>
+##	<p>
+##	Example:
+##	</p>
+##	<p>
+##	type mydomain_t;
+##	domain_type(mydomain_t)
+##	type myfile_t;
+##	files_type(myfile_t)
+##	allow mydomain_t myfile_t:file read_file_perms;
+##	</p>
+## </desc>
 ## <param name="type">
 ##	<summary>
 ##	Type to be used as a domain type.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`domain_type',`
 	# start with basic domain
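Review bot: In the added "Related interfaces" list, `init_domaion()` looks like a typo for `init_domain()`; every other entry follows the init_*_domain naming, and a misspelled name will not match anything when a reader searches the generated docs for it. Separately, the five-line policy example sits inside a single <p>, so it is worth checking the generated documentation to confirm the statements do not run together on one line.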
@@ -340,11 +371,20 @@ interface(`domain_cron_exemption_target',`
 ##	Inherit and use file descriptors from
 ##	domains with interactive programs.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to inherit and use file
+##	descriptors from domains with interactive programs. 
+##	This does not allow access to the objects being referenced
+##	by the file descriptors.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="1"/>
 #
 interface(`domain_use_interactive_fds',`
 	gen_require(`
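Review bot: The added line ending in "interactive programs. " inside the new <desc> carries trailing whitespace and should be trimmed. The text says the interface does not allow access to the objects the descriptors reference; a short clause noting that such access needs its own rules on the object type would make it clearer why this is annotated as <infoflow type="read" weight="1"/> rather than as a stronger flow.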

