[refpolicy] [ admin layer patch 2/2] Kernel layer xml fixes.

From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [ admin layer patch 2/2] Kernel layer xml fixes.
Date: Thu, 05 Aug 2010 10:04:05 -0400	[thread overview]
Message-ID: <4C5AC4D5.9020207@tresys.com> (raw)
In-Reply-To: <20100805125707.GA27289@localhost.localdomain>

On 08/05/10 08:57, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

Merged.

> ---
> :100644 100644 314731b... ef1d72a... M	policy/modules/kernel/corecommands.if
> :100644 100644 f13a505... cac0c64... M	policy/modules/kernel/devices.if
> :100644 100644 deb03ea... 41f36ed... M	policy/modules/kernel/domain.if
> :100644 100644 28cb589... 8d3dfad... M	policy/modules/kernel/files.if
> :100644 100644 9b79f4a... e3e17ba... M	policy/modules/kernel/filesystem.if
> :100644 100644 b46db36... ed7667a... M	policy/modules/kernel/kernel.if
> :100644 100644 677f82a... f8b357c... M	policy/modules/kernel/selinux.if
> :100644 100644 d7ca7b2... 3723150... M	policy/modules/kernel/storage.if
> :100644 100644 4d9d592... 492bf76... M	policy/modules/kernel/terminal.if
>   policy/modules/kernel/corecommands.if |   18 +++---
>   policy/modules/kernel/devices.if      |   64 ++++++++++++------------
>   policy/modules/kernel/domain.if       |   38 +++++++-------
>   policy/modules/kernel/files.if        |   56 ++++++++++----------
>   policy/modules/kernel/filesystem.if   |   34 ++++++------
>   policy/modules/kernel/kernel.if       |   90 ++++++++++++++++----------------
>   policy/modules/kernel/selinux.if      |   20 ++++----
>   policy/modules/kernel/storage.if      |    2 +-
>   policy/modules/kernel/terminal.if     |   24 ++++----
>   9 files changed, 173 insertions(+), 173 deletions(-)
>
> diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
> index 314731b..ef1d72a 100644
> --- a/policy/modules/kernel/corecommands.if
> +++ b/policy/modules/kernel/corecommands.if
> @@ -131,7 +131,7 @@ interface(`corecmd_search_bin',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -167,7 +167,7 @@ interface(`corecmd_list_bin',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -410,7 +410,7 @@ interface(`corecmd_mmap_bin_files',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -453,7 +453,7 @@ interface(`corecmd_bin_spec_domtrans',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -713,7 +713,7 @@ interface(`corecmd_mmap_sbin_files',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -754,7 +754,7 @@ interface(`corecmd_sbin_domtrans',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -861,7 +861,7 @@ interface(`corecmd_exec_ls',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -896,7 +896,7 @@ interface(`corecmd_shell_spec_domtrans',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -1001,7 +1001,7 @@ interface(`corecmd_exec_all_executables',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
> index f13a505..cac0c64 100644
> --- a/policy/modules/kernel/devices.if
> +++ b/policy/modules/kernel/devices.if
> @@ -77,7 +77,7 @@ interface(`dev_node',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to relabel.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -103,7 +103,7 @@ interface(`dev_relabel_all_dev_nodes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to list device nodes.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -140,7 +140,7 @@ interface(`dev_setattr_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit listing of device nodes.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -158,7 +158,7 @@ interface(`dev_dontaudit_list_all_dev_nodes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to add entries.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -176,7 +176,7 @@ interface(`dev_add_entry_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to add entries.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -194,7 +194,7 @@ interface(`dev_remove_entry_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to create the directory.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -213,7 +213,7 @@ interface(`dev_create_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to create the directory.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -231,7 +231,7 @@ interface(`dev_delete_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to relabel.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -249,7 +249,7 @@ interface(`dev_manage_generic_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to relabel.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -321,7 +321,7 @@ interface(`dev_delete_generic_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to create the files.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -339,7 +339,7 @@ interface(`dev_manage_generic_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -375,7 +375,7 @@ interface(`dev_getattr_generic_blk_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -393,7 +393,7 @@ interface(`dev_dontaudit_getattr_generic_blk_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -465,7 +465,7 @@ interface(`dev_getattr_generic_chr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -483,7 +483,7 @@ interface(`dev_dontaudit_getattr_generic_chr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -682,7 +682,7 @@ interface(`dev_manage_all_dev_nodes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -816,7 +816,7 @@ interface(`dev_getattr_all_blk_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -854,7 +854,7 @@ interface(`dev_getattr_all_chr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1636,7 +1636,7 @@ interface(`dev_rw_dri',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to dontaudit access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1838,7 +1838,7 @@ interface(`dev_read_framebuffer',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2181,7 +2181,7 @@ interface(`dev_rw_lvm_control',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2217,7 +2217,7 @@ interface(`dev_delete_lvm_control_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2355,7 +2355,7 @@ interface(`dev_getattr_misc_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2392,7 +2392,7 @@ interface(`dev_setattr_misc_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2870,7 +2870,7 @@ interface(`dev_create_null_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3106,7 +3106,7 @@ interface(`dev_read_rand',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3125,7 +3125,7 @@ interface(`dev_dontaudit_read_rand',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3489,7 +3489,7 @@ interface(`dev_getattr_smartcard_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3580,7 +3580,7 @@ interface(`dev_search_sysfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3665,7 +3665,7 @@ interface(`dev_read_sysfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type modifying hardware state information.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3946,7 +3946,7 @@ interface(`dev_search_usbfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type getting the list.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4007,7 +4007,7 @@ interface(`dev_read_usbfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type modifying the options.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
> index deb03ea..41f36ed 100644
> --- a/policy/modules/kernel/domain.if
> +++ b/policy/modules/kernel/domain.if
> @@ -402,7 +402,7 @@ interface(`domain_use_interactive_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -727,7 +727,7 @@ interface(`domain_ptrace_all_domains',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -755,7 +755,7 @@ interface(`domain_dontaudit_ptrace_all_domains',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -774,7 +774,7 @@ interface(`domain_dontaudit_ptrace_confined_domains',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -799,7 +799,7 @@ interface(`domain_dontaudit_read_all_domains_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -836,7 +836,7 @@ interface(`domain_getsession_all_domains',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -949,7 +949,7 @@ interface(`domain_dontaudit_getattr_all_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -968,7 +968,7 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -987,7 +987,7 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1006,7 +1006,7 @@ interface(`domain_dontaudit_rw_all_udp_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1025,7 +1025,7 @@ interface(`domain_dontaudit_getattr_all_key_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1044,7 +1044,7 @@ interface(`domain_dontaudit_getattr_all_packet_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1063,7 +1063,7 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1082,7 +1082,7 @@ interface(`domain_dontaudit_rw_all_key_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1120,7 +1120,7 @@ interface(`domain_getattr_all_stream_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1168,7 +1168,7 @@ interface(`domain_getattr_all_pipes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1187,7 +1187,7 @@ interface(`domain_dontaudit_getattr_all_pipes',`
>   ##</summary>
>   ##<param name="type">
>   ##	<summary>
> -##	Type of subject to be allowed this.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1341,7 +1341,7 @@ interface(`domain_mmap_all_entry_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -1368,7 +1368,7 @@ interface(`domain_entry_file_spec_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed to mmap low memory.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
> index 28cb589..8d3dfad 100644
> --- a/policy/modules/kernel/files.if
> +++ b/policy/modules/kernel/files.if
> @@ -511,7 +511,7 @@ interface(`files_mounton_non_security',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to allow
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -529,7 +529,7 @@ interface(`files_write_non_security_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to allow
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -674,7 +674,7 @@ interface(`files_read_non_security_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -699,7 +699,7 @@ interface(`files_read_all_dirs_except',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -724,7 +724,7 @@ interface(`files_read_all_files_except',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1031,7 +1031,7 @@ interface(`files_read_all_chr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1069,7 +1069,7 @@ interface(`files_relabel_all_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1095,7 +1095,7 @@ interface(`files_rw_all_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1168,7 +1168,7 @@ interface(`files_list_all',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1281,7 +1281,7 @@ interface(`files_unmount_all_file_type_fs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of domain performing this action
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1300,7 +1300,7 @@ interface(`files_manage_config_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##	Type of domain performing this action
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1339,7 +1339,7 @@ interface(`files_read_config_files',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##	The type of domain performing this action
> +##	Domain allowed access.
>   ## 	</summary>
>   ##</param>
>   ##
> @@ -1358,7 +1358,7 @@ interface(`files_manage_config_files',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##	Type of domain performing this action
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1470,7 +1470,7 @@ interface(`files_list_root',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1537,7 +1537,7 @@ interface(`files_dontaudit_read_root_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1556,7 +1556,7 @@ interface(`files_dontaudit_rw_root_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1683,7 +1683,7 @@ interface(`files_search_boot',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2715,7 +2715,7 @@ interface(`files_getattr_isid_type_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2943,7 +2943,7 @@ interface(`files_delete_isid_type_blk_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3792,7 +3792,7 @@ interface(`files_search_tmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4010,7 +4010,7 @@ interface(`files_dontaudit_getattr_all_tmp_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain not to audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4209,7 +4209,7 @@ interface(`files_rw_usr_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4339,7 +4339,7 @@ interface(`files_exec_usr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4630,7 +4630,7 @@ interface(`files_dontaudit_write_var_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to not audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4741,7 +4741,7 @@ interface(`files_rw_var_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -5455,7 +5455,7 @@ interface(`files_rw_generic_pids',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -5473,7 +5473,7 @@ interface(`files_dontaudit_getattr_all_pids',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -5491,7 +5491,7 @@ interface(`files_dontaudit_write_all_pids',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
> index 9b79f4a..e3e17ba 100644
> --- a/policy/modules/kernel/filesystem.if
> +++ b/policy/modules/kernel/filesystem.if
> @@ -330,7 +330,7 @@ interface(`fs_rw_anon_inodefs_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1084,7 +1084,7 @@ interface(`fs_read_noxattr_fs_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1204,7 +1204,7 @@ interface(`fs_append_cifs_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -1343,7 +1343,7 @@ interface(`fs_manage_cifs_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1478,7 +1478,7 @@ interface(`fs_manage_cifs_named_sockets',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -1999,7 +1999,7 @@ interface(`fs_list_inotifyfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2412,7 +2412,7 @@ interface(`fs_append_nfs_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -2469,7 +2469,7 @@ interface(`fs_read_nfs_symlinks',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2918,7 +2918,7 @@ interface(`fs_manage_nfs_named_sockets',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -3197,7 +3197,7 @@ interface(`fs_search_ramfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3234,7 +3234,7 @@ interface(`fs_manage_ramfs_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3252,7 +3252,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3308,7 +3308,7 @@ interface(`fs_write_ramfs_pipes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3677,7 +3677,7 @@ interface(`fs_getattr_tmpfs_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -3947,7 +3947,7 @@ interface(`fs_rw_tmpfs_chr_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -4341,7 +4341,7 @@ interface(`fs_dontaudit_getattr_all_fs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain getting quotas.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -4360,7 +4360,7 @@ interface(`fs_get_all_fs_quotas',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain setting quotas.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
> index b46db36..ed7667a 100644
> --- a/policy/modules/kernel/kernel.if
> +++ b/policy/modules/kernel/kernel.if
> @@ -130,7 +130,7 @@ interface(`kernel_setsched',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process sending the signal.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -148,7 +148,7 @@ interface(`kernel_sigchld',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process sending the signal.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -166,7 +166,7 @@ interface(`kernel_kill',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process sending the signal.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -203,7 +203,7 @@ interface(`kernel_share_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process using the descriptors.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -336,7 +336,7 @@ interface(`kernel_udp_recvfrom',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to load kernel modules.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -378,7 +378,7 @@ interface(`kernel_search_key',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -414,7 +414,7 @@ interface(`kernel_link_key',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -432,7 +432,7 @@ interface(`kernel_dontaudit_link_key',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to read the ring buffer.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -451,7 +451,7 @@ interface(`kernel_read_ring_buffer',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain to not audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -488,7 +488,7 @@ interface(`kernel_change_ring_buffer_level',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type clearing the buffer.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -592,7 +592,7 @@ interface(`kernel_getattr_debugfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain mounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -610,7 +610,7 @@ interface(`kernel_mount_debugfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain unmounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -628,7 +628,7 @@ interface(`kernel_unmount_debugfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain remounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -664,7 +664,7 @@ interface(`kernel_search_debugfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -702,7 +702,7 @@ interface(`kernel_read_debugfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain mounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -720,7 +720,7 @@ interface(`kernel_mount_kvmfs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain unmounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -922,7 +922,7 @@ interface(`kernel_write_proc_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -941,7 +941,7 @@ interface(`kernel_dontaudit_read_system_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -979,7 +979,7 @@ interface(`kernel_rw_afs_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading software raid state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -1000,7 +1000,7 @@ interface(`kernel_read_software_raid_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading software raid state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1020,7 +1020,7 @@ interface(`kernel_rw_software_raid_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type getting the attibutes.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1041,7 +1041,7 @@ interface(`kernel_getattr_core_if',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to not audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1083,7 +1083,7 @@ interface(`kernel_read_core_if',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the messages.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1105,7 +1105,7 @@ interface(`kernel_read_messages',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type getting the attributes.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1124,7 +1124,7 @@ interface(`kernel_getattr_message_if',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1143,7 +1143,7 @@ interface(`kernel_dontaudit_getattr_message_if',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1162,7 +1162,7 @@ interface(`kernel_dontaudit_search_network_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1214,7 +1214,7 @@ interface(`kernel_read_network_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1234,7 +1234,7 @@ interface(`kernel_read_network_state_symlinks',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1254,7 +1254,7 @@ interface(`kernel_search_xen_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1273,7 +1273,7 @@ interface(`kernel_dontaudit_search_xen_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1295,7 +1295,7 @@ interface(`kernel_read_xen_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type reading the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1316,7 +1316,7 @@ interface(`kernel_read_xen_state_symlinks',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type writing the state.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1335,7 +1335,7 @@ interface(`kernel_write_xen_state',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to not audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1374,7 +1374,7 @@ interface(`kernel_dontaudit_list_all_proc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1393,7 +1393,7 @@ interface(`kernel_dontaudit_search_sysctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to read sysctl directories.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##
> @@ -1413,7 +1413,7 @@ interface(`kernel_read_sysctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to read the device sysctls.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -1535,7 +1535,7 @@ interface(`kernel_search_network_sysctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2052,7 +2052,7 @@ interface(`kernel_kill_unlabeled',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain mounting the filesystem.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2253,7 +2253,7 @@ interface(`kernel_rw_unlabeled_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2291,7 +2291,7 @@ interface(`kernel_dontaudit_read_unlabeled_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2310,7 +2310,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_symlinks',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2329,7 +2329,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_pipes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2348,7 +2348,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2385,7 +2385,7 @@ interface(`kernel_rw_unlabeled_blk_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type not to audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> index 677f82a..f8b357c 100644
> --- a/policy/modules/kernel/selinux.if
> +++ b/policy/modules/kernel/selinux.if
> @@ -213,7 +213,7 @@ interface(`selinux_dontaudit_read_fs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to get the enforcing mode.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -244,7 +244,7 @@ interface(`selinux_get_enforce_mode',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to set the enforcement mode.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -276,7 +276,7 @@ interface(`selinux_set_enforce_mode',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type that will load the policy.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -323,7 +323,7 @@ interface(`selinux_load_policy',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to set the Boolean.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -350,7 +350,7 @@ interface(`selinux_set_boolean',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to set the Boolean.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -391,7 +391,7 @@ interface(`selinux_set_generic_booleans',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to set the Boolean.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -433,7 +433,7 @@ interface(`selinux_set_all_booleans',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type to allow to set security parameters.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -457,7 +457,7 @@ interface(`selinux_set_parameters',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type permitted to validate contexts.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -499,7 +499,7 @@ interface(`selinux_dontaudit_validate_context',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to compute an access vector.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -591,7 +591,7 @@ interface(`selinux_compute_relabel_context',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The process type allowed to compute user contexts.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
> index d7ca7b2..3723150 100644
> --- a/policy/modules/kernel/storage.if
> +++ b/policy/modules/kernel/storage.if
> @@ -351,7 +351,7 @@ interface(`storage_getattr_fuse_dev',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to not audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
> index 4d9d592..492bf76 100644
> --- a/policy/modules/kernel/terminal.if
> +++ b/policy/modules/kernel/terminal.if
> @@ -245,7 +245,7 @@ interface(`term_read_console',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -285,7 +285,7 @@ interface(`term_use_console',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -420,7 +420,7 @@ interface(`term_search_ptys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -557,7 +557,7 @@ interface(`term_setattr_generic_ptys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -676,7 +676,7 @@ interface(`term_dontaudit_getattr_ptmx',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process to allow access.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -739,7 +739,7 @@ interface(`term_getattr_all_ptys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1028,7 +1028,7 @@ interface(`term_getattr_unallocated_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1068,7 +1068,7 @@ interface(`term_setattr_unallocated_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1087,7 +1087,7 @@ interface(`term_dontaudit_setattr_unallocated_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1245,7 +1245,7 @@ interface(`term_getattr_all_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1343,7 +1343,7 @@ interface(`term_use_all_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1380,7 +1380,7 @@ interface(`term_getattr_all_user_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com