* [refpolicy] [ kernel layer patch 1/1] kernel: domain { allowed to transition, allowed access, to not audit }.
@ 2010-08-03 15:55 Dominick Grift
0 siblings, 0 replies; only message in thread
From: Dominick Grift @ 2010-08-03 15:55 UTC (permalink / raw)
To: refpolicy
Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 314731b... ef1d72a... M policy/modules/kernel/corecommands.if
:100644 100644 f13a505... cac0c64... M policy/modules/kernel/devices.if
:100644 100644 deb03ea... 41f36ed... M policy/modules/kernel/domain.if
:100644 100644 28cb589... 8d3dfad... M policy/modules/kernel/files.if
:100644 100644 9b79f4a... e3e17ba... M policy/modules/kernel/filesystem.if
:100644 100644 547fcf4... 5bb8b30... M policy/modules/kernel/kernel.if
:100644 100644 677f82a... f8b357c... M policy/modules/kernel/selinux.if
:100644 100644 7b8a19c... fac255a... M policy/modules/kernel/storage.if
:100644 100644 f623b72... 85655a4... M policy/modules/kernel/terminal.if
policy/modules/kernel/corecommands.if | 18 +++---
policy/modules/kernel/devices.if | 64 ++++++++++++------------
policy/modules/kernel/domain.if | 38 +++++++-------
policy/modules/kernel/files.if | 56 ++++++++++----------
policy/modules/kernel/filesystem.if | 34 ++++++------
policy/modules/kernel/kernel.if | 90 ++++++++++++++++----------------
policy/modules/kernel/selinux.if | 20 ++++----
policy/modules/kernel/storage.if | 10 ++--
policy/modules/kernel/terminal.if | 38 +++++++-------
9 files changed, 184 insertions(+), 184 deletions(-)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 314731b..ef1d72a 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -131,7 +131,7 @@ interface(`corecmd_search_bin',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -167,7 +167,7 @@ interface(`corecmd_list_bin',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -410,7 +410,7 @@ interface(`corecmd_mmap_bin_files',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -453,7 +453,7 @@ interface(`corecmd_bin_spec_domtrans',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -713,7 +713,7 @@ interface(`corecmd_mmap_sbin_files',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -754,7 +754,7 @@ interface(`corecmd_sbin_domtrans',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -861,7 +861,7 @@ interface(`corecmd_exec_ls',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -896,7 +896,7 @@ interface(`corecmd_shell_spec_domtrans',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -1001,7 +1001,7 @@ interface(`corecmd_exec_all_executables',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to not audit.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index f13a505..cac0c64 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -77,7 +77,7 @@ interface(`dev_node',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to relabel.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -103,7 +103,7 @@ interface(`dev_relabel_all_dev_nodes',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to list device nodes.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -140,7 +140,7 @@ interface(`dev_setattr_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit listing of device nodes.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -158,7 +158,7 @@ interface(`dev_dontaudit_list_all_dev_nodes',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to add entries.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -176,7 +176,7 @@ interface(`dev_add_entry_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to add entries.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -194,7 +194,7 @@ interface(`dev_remove_entry_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to create the directory.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -213,7 +213,7 @@ interface(`dev_create_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to create the directory.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -231,7 +231,7 @@ interface(`dev_delete_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to relabel.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -249,7 +249,7 @@ interface(`dev_manage_generic_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to relabel.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -321,7 +321,7 @@ interface(`dev_delete_generic_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to create the files.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -339,7 +339,7 @@ interface(`dev_manage_generic_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -375,7 +375,7 @@ interface(`dev_getattr_generic_blk_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -393,7 +393,7 @@ interface(`dev_dontaudit_getattr_generic_blk_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -465,7 +465,7 @@ interface(`dev_getattr_generic_chr_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -483,7 +483,7 @@ interface(`dev_dontaudit_getattr_generic_chr_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -682,7 +682,7 @@ interface(`dev_manage_all_dev_nodes',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -816,7 +816,7 @@ interface(`dev_getattr_all_blk_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -854,7 +854,7 @@ interface(`dev_getattr_all_chr_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1636,7 +1636,7 @@ interface(`dev_rw_dri',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to dontaudit access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1838,7 +1838,7 @@ interface(`dev_read_framebuffer',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2181,7 +2181,7 @@ interface(`dev_rw_lvm_control',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2217,7 +2217,7 @@ interface(`dev_delete_lvm_control_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2355,7 +2355,7 @@ interface(`dev_getattr_misc_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2392,7 +2392,7 @@ interface(`dev_setattr_misc_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2870,7 +2870,7 @@ interface(`dev_create_null_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3106,7 +3106,7 @@ interface(`dev_read_rand',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3125,7 +3125,7 @@ interface(`dev_dontaudit_read_rand',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3489,7 +3489,7 @@ interface(`dev_getattr_smartcard_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3580,7 +3580,7 @@ interface(`dev_search_sysfs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3665,7 +3665,7 @@ interface(`dev_read_sysfs',`
## </summary>
## <param name="domain">
## <summary>
-## The process type modifying hardware state information.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -3946,7 +3946,7 @@ interface(`dev_search_usbfs',`
## </summary>
## <param name="domain">
## <summary>
-## The process type getting the list.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -4007,7 +4007,7 @@ interface(`dev_read_usbfs',`
## </summary>
## <param name="domain">
## <summary>
-## The process type modifying the options.
+## Domain allowed access.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index deb03ea..41f36ed 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -402,7 +402,7 @@ interface(`domain_use_interactive_fds',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -727,7 +727,7 @@ interface(`domain_ptrace_all_domains',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -755,7 +755,7 @@ interface(`domain_dontaudit_ptrace_all_domains',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -774,7 +774,7 @@ interface(`domain_dontaudit_ptrace_confined_domains',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -799,7 +799,7 @@ interface(`domain_dontaudit_read_all_domains_state',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -836,7 +836,7 @@ interface(`domain_getsession_all_domains',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -949,7 +949,7 @@ interface(`domain_dontaudit_getattr_all_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -968,7 +968,7 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -987,7 +987,7 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1006,7 +1006,7 @@ interface(`domain_dontaudit_rw_all_udp_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1025,7 +1025,7 @@ interface(`domain_dontaudit_getattr_all_key_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1044,7 +1044,7 @@ interface(`domain_dontaudit_getattr_all_packet_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1063,7 +1063,7 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1082,7 +1082,7 @@ interface(`domain_dontaudit_rw_all_key_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1120,7 +1120,7 @@ interface(`domain_getattr_all_stream_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1168,7 +1168,7 @@ interface(`domain_getattr_all_pipes',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1187,7 +1187,7 @@ interface(`domain_dontaudit_getattr_all_pipes',`
## </summary>
## <param name="type">
## <summary>
-## Type of subject to be allowed this.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1341,7 +1341,7 @@ interface(`domain_mmap_all_entry_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -1368,7 +1368,7 @@ interface(`domain_entry_file_spec_domtrans',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed to mmap low memory.
+## Domain allowed access.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 28cb589..8d3dfad 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -511,7 +511,7 @@ interface(`files_mounton_non_security',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to allow
+## Domain allowed access.
## </summary>
## </param>
#
@@ -529,7 +529,7 @@ interface(`files_write_non_security_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to allow
+## Domain allowed access.
## </summary>
## </param>
#
@@ -674,7 +674,7 @@ interface(`files_read_non_security_files',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -699,7 +699,7 @@ interface(`files_read_all_dirs_except',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -724,7 +724,7 @@ interface(`files_read_all_files_except',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -1031,7 +1031,7 @@ interface(`files_read_all_chr_files',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -1069,7 +1069,7 @@ interface(`files_relabel_all_files',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -1095,7 +1095,7 @@ interface(`files_rw_all_files',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain perfoming this action.
+## Domain allowed access.
## </summary>
## </param>
## <param name="exception_types" optional="true">
@@ -1168,7 +1168,7 @@ interface(`files_list_all',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1281,7 +1281,7 @@ interface(`files_unmount_all_file_type_fs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of domain performing this action
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1300,7 +1300,7 @@ interface(`files_manage_config_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Type of domain performing this action
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1339,7 +1339,7 @@ interface(`files_read_config_files',`
## </summary>
## <param name="domain">
## <summary>
-## The type of domain performing this action
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1358,7 +1358,7 @@ interface(`files_manage_config_files',`
## </summary>
## <param name="domain">
## <summary>
-## Type of domain performing this action
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1470,7 +1470,7 @@ interface(`files_list_root',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1537,7 +1537,7 @@ interface(`files_dontaudit_read_root_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1556,7 +1556,7 @@ interface(`files_dontaudit_rw_root_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1683,7 +1683,7 @@ interface(`files_search_boot',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2715,7 +2715,7 @@ interface(`files_getattr_isid_type_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2943,7 +2943,7 @@ interface(`files_delete_isid_type_blk_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3792,7 +3792,7 @@ interface(`files_search_tmp',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -4010,7 +4010,7 @@ interface(`files_dontaudit_getattr_all_tmp_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain not to audit.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -4209,7 +4209,7 @@ interface(`files_rw_usr_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -4339,7 +4339,7 @@ interface(`files_exec_usr_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -4630,7 +4630,7 @@ interface(`files_dontaudit_write_var_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -4741,7 +4741,7 @@ interface(`files_rw_var_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -5455,7 +5455,7 @@ interface(`files_rw_generic_pids',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -5473,7 +5473,7 @@ interface(`files_dontaudit_getattr_all_pids',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -5491,7 +5491,7 @@ interface(`files_dontaudit_write_all_pids',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 9b79f4a..e3e17ba 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -330,7 +330,7 @@ interface(`fs_rw_anon_inodefs_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1084,7 +1084,7 @@ interface(`fs_read_noxattr_fs_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1204,7 +1204,7 @@ interface(`fs_append_cifs_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
## <rolecap/>
@@ -1343,7 +1343,7 @@ interface(`fs_manage_cifs_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1478,7 +1478,7 @@ interface(`fs_manage_cifs_named_sockets',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -1999,7 +1999,7 @@ interface(`fs_list_inotifyfs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2412,7 +2412,7 @@ interface(`fs_append_nfs_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
## <rolecap/>
@@ -2469,7 +2469,7 @@ interface(`fs_read_nfs_symlinks',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2918,7 +2918,7 @@ interface(`fs_manage_nfs_named_sockets',`
## </desc>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain allowed to transition.
## </summary>
## </param>
## <param name="target_domain">
@@ -3197,7 +3197,7 @@ interface(`fs_search_ramfs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3234,7 +3234,7 @@ interface(`fs_manage_ramfs_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3252,7 +3252,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3308,7 +3308,7 @@ interface(`fs_write_ramfs_pipes',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3677,7 +3677,7 @@ interface(`fs_getattr_tmpfs_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -3947,7 +3947,7 @@ interface(`fs_rw_tmpfs_chr_files',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -4341,7 +4341,7 @@ interface(`fs_dontaudit_getattr_all_fs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain getting quotas.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -4360,7 +4360,7 @@ interface(`fs_get_all_fs_quotas',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain setting quotas.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 547fcf4..5bb8b30 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -130,7 +130,7 @@ interface(`kernel_setsched',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the process sending the signal.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -148,7 +148,7 @@ interface(`kernel_sigchld',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the process sending the signal.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -166,7 +166,7 @@ interface(`kernel_kill',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the process sending the signal.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -203,7 +203,7 @@ interface(`kernel_share_state',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the process using the descriptors.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -336,7 +336,7 @@ interface(`kernel_udp_recvfrom',`
## </summary>
## <param name="domain">
## <summary>
-## The process type to allow to load kernel modules.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -378,7 +378,7 @@ interface(`kernel_search_key',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -414,7 +414,7 @@ interface(`kernel_link_key',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -432,7 +432,7 @@ interface(`kernel_dontaudit_link_key',`
## </summary>
## <param name="domain">
## <summary>
-## The process type allowed to read the ring buffer.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -451,7 +451,7 @@ interface(`kernel_read_ring_buffer',`
## </summary>
## <param name="domain">
## <summary>
-## The domain to not audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -488,7 +488,7 @@ interface(`kernel_change_ring_buffer_level',`
## </summary>
## <param name="domain">
## <summary>
-## The process type clearing the buffer.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -592,7 +592,7 @@ interface(`kernel_getattr_debugfs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain mounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -610,7 +610,7 @@ interface(`kernel_mount_debugfs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain unmounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -628,7 +628,7 @@ interface(`kernel_unmount_debugfs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain remounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -664,7 +664,7 @@ interface(`kernel_search_debugfs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -702,7 +702,7 @@ interface(`kernel_read_debugfs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain mounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -720,7 +720,7 @@ interface(`kernel_mount_kvmfs',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain unmounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -922,7 +922,7 @@ interface(`kernel_write_proc_files',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -941,7 +941,7 @@ interface(`kernel_dontaudit_read_system_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -979,7 +979,7 @@ interface(`kernel_rw_afs_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading software raid state.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -1000,7 +1000,7 @@ interface(`kernel_read_software_raid_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading software raid state.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1020,7 +1020,7 @@ interface(`kernel_rw_software_raid_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type getting the attibutes.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1041,7 +1041,7 @@ interface(`kernel_getattr_core_if',`
## </summary>
## <param name="domain">
## <summary>
-## The process type to not audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1083,7 +1083,7 @@ interface(`kernel_read_core_if',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the messages.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1105,7 +1105,7 @@ interface(`kernel_read_messages',`
## </summary>
## <param name="domain">
## <summary>
-## The process type getting the attributes.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1124,7 +1124,7 @@ interface(`kernel_getattr_message_if',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1143,7 +1143,7 @@ interface(`kernel_dontaudit_getattr_message_if',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain to not audit.
## </summary>
## </param>
##
@@ -1162,7 +1162,7 @@ interface(`kernel_dontaudit_search_network_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1214,7 +1214,7 @@ interface(`kernel_read_network_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1234,7 +1234,7 @@ interface(`kernel_read_network_state_symlinks',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1254,7 +1254,7 @@ interface(`kernel_search_xen_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain to not audit.
## </summary>
## </param>
##
@@ -1273,7 +1273,7 @@ interface(`kernel_dontaudit_search_xen_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1295,7 +1295,7 @@ interface(`kernel_read_xen_state',`
## </summary>
## <param name="domain">
## <summary>
-## The process type reading the state.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1316,7 +1316,7 @@ interface(`kernel_read_xen_state_symlinks',`
## </summary>
## <param name="domain">
## <summary>
-## The process type writing the state.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1335,7 +1335,7 @@ interface(`kernel_write_xen_state',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -1374,7 +1374,7 @@ interface(`kernel_dontaudit_list_all_proc',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
##
@@ -1393,7 +1393,7 @@ interface(`kernel_dontaudit_search_sysctl',`
## </summary>
## <param name="domain">
## <summary>
-## The process type to allow to read sysctl directories.
+## Domain allowed access.
## </summary>
## </param>
##
@@ -1413,7 +1413,7 @@ interface(`kernel_read_sysctl',`
## </summary>
## <param name="domain">
## <summary>
-## The process type to allow to read the device sysctls.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -1535,7 +1535,7 @@ interface(`kernel_search_network_sysctl',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2052,7 +2052,7 @@ interface(`kernel_kill_unlabeled',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the domain mounting the filesystem.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -2253,7 +2253,7 @@ interface(`kernel_rw_unlabeled_files',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2291,7 +2291,7 @@ interface(`kernel_dontaudit_read_unlabeled_files',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2310,7 +2310,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_symlinks',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2329,7 +2329,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_pipes',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2348,7 +2348,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_sockets',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -2385,7 +2385,7 @@ interface(`kernel_rw_unlabeled_blk_files',`
## </summary>
## <param name="domain">
## <summary>
-## The process type not to audit.
+## Domain to not audit.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index 677f82a..f8b357c 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -213,7 +213,7 @@ interface(`selinux_dontaudit_read_fs',`
## </summary>
## <param name="domain">
## <summary>
-## The process type to allow to get the enforcing mode.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -244,7 +244,7 @@ interface(`selinux_get_enforce_mode',`
## </desc>
## <param name="domain">
## <summary>
-## The process type to allow to set the enforcement mode.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -276,7 +276,7 @@ interface(`selinux_set_enforce_mode',`
## </summary>
## <param name="domain">
## <summary>
-## The process type that will load the policy.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -323,7 +323,7 @@ interface(`selinux_load_policy',`
## </desc>
## <param name="domain">
## <summary>
-## The process type allowed to set the Boolean.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -350,7 +350,7 @@ interface(`selinux_set_boolean',`
## </desc>
## <param name="domain">
## <summary>
-## The process type allowed to set the Boolean.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -391,7 +391,7 @@ interface(`selinux_set_generic_booleans',`
## </desc>
## <param name="domain">
## <summary>
-## The process type allowed to set the Boolean.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -433,7 +433,7 @@ interface(`selinux_set_all_booleans',`
## </desc>
## <param name="domain">
## <summary>
-## The process type to allow to set security parameters.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -457,7 +457,7 @@ interface(`selinux_set_parameters',`
## </summary>
## <param name="domain">
## <summary>
-## The process type permitted to validate contexts.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -499,7 +499,7 @@ interface(`selinux_dontaudit_validate_context',`
## </summary>
## <param name="domain">
## <summary>
-## The process type allowed to compute an access vector.
+## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@@ -591,7 +591,7 @@ interface(`selinux_compute_relabel_context',`
## </summary>
## <param name="domain">
## <summary>
-## The process type allowed to compute user contexts.
+## Domain allowed access.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 7b8a19c..fac255a 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -351,7 +351,7 @@ interface(`storage_getattr_fuse_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -538,7 +538,7 @@ interface(`storage_getattr_removable_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -557,7 +557,7 @@ interface(`storage_dontaudit_getattr_removable_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -577,7 +577,7 @@ interface(`storage_dontaudit_read_removable_device',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -616,7 +616,7 @@ interface(`storage_setattr_removable_dev',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index f623b72..85655a4 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -245,7 +245,7 @@ interface(`term_read_console',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
## <rolecap/>
@@ -285,7 +285,7 @@ interface(`term_use_console',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -382,7 +382,7 @@ interface(`term_getattr_pty_fs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -420,7 +420,7 @@ interface(`term_search_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -479,7 +479,7 @@ interface(`term_dontaudit_list_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -498,7 +498,7 @@ interface(`term_dontaudit_manage_pty_dirs',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -557,7 +557,7 @@ interface(`term_setattr_generic_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -600,7 +600,7 @@ interface(`term_use_generic_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -676,7 +676,7 @@ interface(`term_dontaudit_getattr_ptmx',`
## </summary>
## <param name="domain">
## <summary>
-## The type of the process to allow access.
+## Domain allowed access.
## </summary>
## </param>
#
@@ -696,7 +696,7 @@ interface(`term_use_ptmx',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -739,7 +739,7 @@ interface(`term_getattr_all_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -975,7 +975,7 @@ interface(`term_use_all_user_ptys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1028,7 +1028,7 @@ interface(`term_getattr_unallocated_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1068,7 +1068,7 @@ interface(`term_setattr_unallocated_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1087,7 +1087,7 @@ interface(`term_dontaudit_setattr_unallocated_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1206,7 +1206,7 @@ interface(`term_use_unallocated_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain to not audit
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1245,7 +1245,7 @@ interface(`term_getattr_all_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1343,7 +1343,7 @@ interface(`term_use_all_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
@@ -1380,7 +1380,7 @@ interface(`term_getattr_all_user_ttys',`
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
--
1.7.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100803/1e1812df/attachment-0001.bin
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2010-08-03 15:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-03 15:55 [refpolicy] [ kernel layer patch 1/1] kernel: domain { allowed to transition, allowed access, to not audit } Dominick Grift
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.