commit: 0a8aa1bfe479e36ab9fa014dccccbec5b3c59b0b |
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> |
AuthorDate: Mon Jan 18 23:01:10 2016 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Sat Jan 30 17:16:57 2016 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0a8aa1bf |
|
Fix interface descriptions when duplicate ones are found |
|
Distinct interfaces should have different comments |
|
policy/modules/admin/bootloader.if | 4 ++-- |
policy/modules/kernel/corecommands.if | 4 ++-- |
policy/modules/kernel/corenetwork.if.in | 6 +++--- |
policy/modules/kernel/devices.if | 4 ++-- |
policy/modules/kernel/domain.if | 2 +- |
policy/modules/kernel/files.if | 2 +- |
policy/modules/kernel/filesystem.if | 9 +++++---- |
policy/modules/kernel/kernel.if | 2 +- |
policy/modules/kernel/storage.if | 4 ++-- |
policy/modules/system/iptables.if | 3 ++- |
policy/modules/system/locallogin.if | 2 +- |
policy/modules/system/miscfiles.if | 3 ++- |
policy/modules/system/modutils.if | 2 +- |
policy/modules/system/selinuxutil.if | 2 +- |
policy/modules/system/userdomain.if | 13 +++++++------ |
15 files changed, 33 insertions(+), 29 deletions(-) |
|
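diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
index cc8df9d..185f749 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -124,8 +124,8 @@ interface(`bootloader_rw_tmp_files',`
 
 ########################################
 ## <summary>
-## Read and write the bootloader
-## temporary data in /tmp.
+## Create, read and write the bootloader
+## runtime data.
 ## </summary>
 ## <param name="domain">
 ## <summary>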
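diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 917b160..60c1feb 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -199,11 +199,11 @@ interface(`corecmd_getattr_bin_files',`
 
 ########################################
 ## <summary>
-## Get the attributes of files in bin directories.
+## Do not audit attempts to get the attributes of files in bin directories.
 ## </summary>
 ## <param name="domain">
 ## <summary>
-## Domain allowed access.
+## Domain to not audit.
 ## </summary>
 ## </param>
 #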
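Review bot: The new summary line in the corecommands.if hunk is a single 75-character line, while the other multi-clause summaries touched by this commit are wrapped (for example the RPC pipes description in filesystem.if). Wrapping it the same way keeps the header comments uniform: `## Do not audit attempts to get the attributes` followed by `## of files in bin directories.`. The interface definition this comment belongs to starts below the hunk, so only the wording can be judged here.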
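diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 6e0bb9f..4babd24 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -2753,12 +2753,12 @@ interface(`corenet_all_recvfrom_labeled',`
 
 ########################################
 ## <summary>
-## Make the specified type usable
-## for labeled ipsec.
+## Allow specified type to set the context of
+## a SPD entry for labeled ipsec associations.
 ## </summary>
 ## <param name="domain">
 ## <summary>
-## Type to be used for labeled ipsec.
+## Domain allowed access.
 ## </summary>
 ## </param>
 #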
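Review bot: The new summary in corenetwork.if.in reads `a SPD entry`, which should be `an SPD entry`, and the abbreviation is not expanded anywhere in the lines shown. Policy writers read these summaries to decide what an interface grants, so spelling the term out once would help: `## Allow specified type to set the context of` followed by `## a Security Policy Database (SPD) entry for labeled ipsec associations.`. The interface definition starts below the hunk, so the description cannot be checked against the rules from here.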
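diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 591b932..9615efd 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -227,7 +227,7 @@ interface(`dev_add_entry_generic_dirs',`
 
 ########################################
 ## <summary>
-## Add entries to directories in /dev.
+## Remove entries from directories in /dev.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -2023,7 +2023,7 @@ interface(`dev_read_input',`
 
 ########################################
 ## <summary>
-## Read input event devices (/dev/input).
+## Read and write input event devices (/dev/input).
 ## </summary>
 ## <param name="domain">
 ## <summary>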
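diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 3420b3a..92cc408 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1155,7 +1155,7 @@ interface(`domain_getattr_all_stream_sockets',`
 ########################################
 ## <summary>
 ## Do not audit attempts to get the attributes
-## of all domains unix datagram sockets.
+## of all domains unix stream sockets.
 ## </summary>
 ## <param name="domain">
 ## <summary>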
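diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 20acc0e..dc13e31 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1317,7 +1317,7 @@ interface(`files_relabelto_all_file_type_fs',`
 
 ########################################
 ## <summary>
-## Relabel a filesystem to the type of a file.
+## Relabel a filesystem to and from the type of a file.
 ## </summary>
 ## <param name="domain">
 ## <summary>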
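diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index b9b30da..c5a1ad1 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1399,7 +1399,7 @@ interface(`fs_read_cifs_named_pipes',`
 
 ########################################
 ## <summary>
-## Read named pipes
+## Read named sockets
 ## on a CIFS or SMB network filesystem.
 ## </summary>
 ## <param name="domain">
@@ -2360,8 +2360,8 @@ interface(`fs_getattr_iso9660_fs',`
 
 ########################################
 ## <summary>
-## Read files on an iso9660 filesystem, which
-## is usually used on CDs.
+## Get the attributes of files on an iso9660
+## filesystem, which is usually used on CDs.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -2759,7 +2759,8 @@ interface(`fs_read_nfs_named_pipes',`
 
 ########################################
 ## <summary>
-## Read directories of RPC file system pipes.
+## Get the attributes of directories of RPC
+## file system pipes.
 ## </summary>
 ## <param name="domain">
 ## <summary>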
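diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 5f2f78e..5af202c 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1087,7 +1087,7 @@ interface(`kernel_dontaudit_read_system_state',`
 ########################################
 ## <summary>
 ## Do not audit attempts by caller to
-## read system state information in proc.
+## read symbolic links in proc.
 ## </summary>
 ## <param name="domain">
 ## <summary>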
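diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 5c1be6b..0292eee 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -210,7 +210,7 @@ interface(`storage_create_fixed_disk_dev',`
 
 ########################################
 ## <summary>
-## Allow the caller to create fixed disk device nodes.
+## Allow the caller to delete fixed disk device nodes.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -738,7 +738,7 @@ interface(`storage_read_tape',`
 
 ########################################
 ## <summary>
-## Allow the caller to directly read
+## Allow the caller to directly write
 ## a tape device.
 ## </summary>
 ## <param name="domain">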
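diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 5d2b406..00c49c6 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -70,7 +70,8 @@ interface(`iptables_exec',`
 
 #####################################
 ## <summary>
-## Execute iptables in the iptables domain.
+## Execute iptables init scripts in
+## the init script domain.
 ## </summary>
 ## <param name="domain">
 ## <summary>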
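diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index 4305a86..d99475c 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -135,7 +135,7 @@ interface(`locallogin_link_keys',`
 
 ########################################
 ## <summary>
-## Execute local logins in the local login domain.
+## Execute single-user logins in the single-user login domain.
 ## </summary>
 ## <param name="domain">
 ## <summary>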
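diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index d9220f7..63ed47f 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -823,7 +823,8 @@ interface(`miscfiles_read_test_files',`
 
 ########################################
 ## <summary>
-## Execute test files.
+## Create files in etc directories
+## with localization file type.
 ## </summary>
 ## <param name="domain">
 ## <summary>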
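diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
index c1b049c..a5222e2 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -253,7 +253,7 @@ interface(`modutils_domtrans_depmod',`
 
 ########################################
 ## <summary>
-## Execute depmod in the depmod domain.
+## Execute update_modules in the update_modules domain.
 ## </summary>
 ## <param name="domain">
 ## <summary>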
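diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index bcb4330..55d2429 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -762,7 +762,7 @@ interface(`seutil_manage_config',`
 #######################################
 ## <summary>
 ## Create, read, write, and delete
-## the general selinux configuration files.
+## the general selinux configuration directories.
 ## </summary>
 ## <param name="domain">
 ## <summary>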
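diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index ea03e86..e341a1c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1625,7 +1625,7 @@ interface(`userdom_dontaudit_list_user_home_dirs',`
 
 ########################################
 ## <summary>
-## Create user home directories.
+## Manage user home directories.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -1968,7 +1968,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
 
 ########################################
 ## <summary>
-## Do not audit attempts to write user home files.
+## Do not audit attempts to relabel user home files.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -2248,8 +2248,9 @@ interface(`userdom_manage_user_home_content_sockets',`
 
 ########################################
 ## <summary>
-## Create objects in a user home directory
-## with an automatic type transition to
+## Create objects in a directory located
+## in a user home directory with an
+## automatic type transition to
 ## a specified private type.
 ## </summary>
 ## <param name="domain">
@@ -2711,7 +2712,7 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 
 ########################################
 ## <summary>
-## Read user tmpfs files.
+## Read and write user tmpfs files.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -2978,7 +2979,7 @@ interface(`userdom_spec_domtrans_all_users',`
 
 ########################################
 ## <summary>
-## Execute an Xserver session in all unprivileged user domains. This
+## Execute an Xserver session in all user domains. This
 ## is an explicit transition, requiring the
 ## caller to use setexeccon().
 ## </summary>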