| 1 |
commit: 0a8aa1bfe479e36ab9fa014dccccbec5b3c59b0b |
| 2 |
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> |
| 3 |
AuthorDate: Mon Jan 18 23:01:10 2016 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Jan 30 17:16:57 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0a8aa1bf |
| 7 |
|
| 8 |
Fix interface descriptions when duplicate ones are found |
| 9 |
|
| 10 |
Distinct interfaces should have different comments |
| 11 |
|
| 12 |
policy/modules/admin/bootloader.if | 4 ++-- |
| 13 |
policy/modules/kernel/corecommands.if | 4 ++-- |
| 14 |
policy/modules/kernel/corenetwork.if.in | 6 +++--- |
| 15 |
policy/modules/kernel/devices.if | 4 ++-- |
| 16 |
policy/modules/kernel/domain.if | 2 +- |
| 17 |
policy/modules/kernel/files.if | 2 +- |
| 18 |
policy/modules/kernel/filesystem.if | 9 +++++---- |
| 19 |
policy/modules/kernel/kernel.if | 2 +- |
| 20 |
policy/modules/kernel/storage.if | 4 ++-- |
| 21 |
policy/modules/system/iptables.if | 3 ++- |
| 22 |
policy/modules/system/locallogin.if | 2 +- |
| 23 |
policy/modules/system/miscfiles.if | 3 ++- |
| 24 |
policy/modules/system/modutils.if | 2 +- |
| 25 |
policy/modules/system/selinuxutil.if | 2 +- |
| 26 |
policy/modules/system/userdomain.if | 13 +++++++------ |
| 27 |
15 files changed, 33 insertions(+), 29 deletions(-) |
| 28 |
|
| 29 |
diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if |
| 30 |
index cc8df9d..185f749 100644 |
| 31 |
--- a/policy/modules/admin/bootloader.if |
| 32 |
+++ b/policy/modules/admin/bootloader.if |
| 33 |
@@ -124,8 +124,8 @@ interface(`bootloader_rw_tmp_files',` |
| 34 |
|
| 35 |
######################################## |
| 36 |
## <summary> |
| 37 |
-## Read and write the bootloader |
| 38 |
-## temporary data in /tmp. |
| 39 |
+## Create, read and write the bootloader |
| 40 |
+## runtime data. |
| 41 |
## </summary> |
| 42 |
## <param name="domain"> |
| 43 |
## <summary> |
| 44 |
|
| 45 |
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if |
| 46 |
index 917b160..60c1feb 100644 |
| 47 |
--- a/policy/modules/kernel/corecommands.if |
| 48 |
+++ b/policy/modules/kernel/corecommands.if |
| 49 |
@@ -199,11 +199,11 @@ interface(`corecmd_getattr_bin_files',` |
| 50 |
|
| 51 |
######################################## |
| 52 |
## <summary> |
| 53 |
-## Get the attributes of files in bin directories. |
| 54 |
+## Do not audit attempts to get the attributes of files in bin directories. |
| 55 |
## </summary> |
| 56 |
## <param name="domain"> |
| 57 |
## <summary> |
| 58 |
-## Domain allowed access. |
| 59 |
+## Domain to not audit. |
| 60 |
## </summary> |
| 61 |
## </param> |
| 62 |
# |
| 63 |
|
| 64 |
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in |
| 65 |
index 6e0bb9f..4babd24 100644 |
| 66 |
--- a/policy/modules/kernel/corenetwork.if.in |
| 67 |
+++ b/policy/modules/kernel/corenetwork.if.in |
| 68 |
@@ -2753,12 +2753,12 @@ interface(`corenet_all_recvfrom_labeled',` |
| 69 |
|
| 70 |
######################################## |
| 71 |
## <summary> |
| 72 |
-## Make the specified type usable |
| 73 |
-## for labeled ipsec. |
| 74 |
+## Allow specified type to set the context of |
| 75 |
+## a SPD entry for labeled ipsec associations. |
| 76 |
## </summary> |
| 77 |
## <param name="domain"> |
| 78 |
## <summary> |
| 79 |
-## Type to be used for labeled ipsec. |
| 80 |
+## Domain allowed access. |
| 81 |
## </summary> |
| 82 |
## </param> |
| 83 |
# |
| 84 |
|
| 85 |
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if |
| 86 |
index 591b932..9615efd 100644 |
| 87 |
--- a/policy/modules/kernel/devices.if |
| 88 |
+++ b/policy/modules/kernel/devices.if |
| 89 |
@@ -227,7 +227,7 @@ interface(`dev_add_entry_generic_dirs',` |
| 90 |
|
| 91 |
######################################## |
| 92 |
## <summary> |
| 93 |
-## Add entries to directories in /dev. |
| 94 |
+## Remove entries from directories in /dev. |
| 95 |
## </summary> |
| 96 |
## <param name="domain"> |
| 97 |
## <summary> |
| 98 |
@@ -2023,7 +2023,7 @@ interface(`dev_read_input',` |
| 99 |
|
| 100 |
######################################## |
| 101 |
## <summary> |
| 102 |
-## Read input event devices (/dev/input). |
| 103 |
+## Read and write input event devices (/dev/input). |
| 104 |
## </summary> |
| 105 |
## <param name="domain"> |
| 106 |
## <summary> |
| 107 |
|
| 108 |
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if |
| 109 |
index 3420b3a..92cc408 100644 |
| 110 |
--- a/policy/modules/kernel/domain.if |
| 111 |
+++ b/policy/modules/kernel/domain.if |
| 112 |
@@ -1155,7 +1155,7 @@ interface(`domain_getattr_all_stream_sockets',` |
| 113 |
######################################## |
| 114 |
## <summary> |
| 115 |
## Do not audit attempts to get the attributes |
| 116 |
-## of all domains unix datagram sockets. |
| 117 |
+## of all domains unix stream sockets. |
| 118 |
## </summary> |
| 119 |
## <param name="domain"> |
| 120 |
## <summary> |
| 121 |
|
| 122 |
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if |
| 123 |
index 20acc0e..dc13e31 100644 |
| 124 |
--- a/policy/modules/kernel/files.if |
| 125 |
+++ b/policy/modules/kernel/files.if |
| 126 |
@@ -1317,7 +1317,7 @@ interface(`files_relabelto_all_file_type_fs',` |
| 127 |
|
| 128 |
######################################## |
| 129 |
## <summary> |
| 130 |
-## Relabel a filesystem to the type of a file. |
| 131 |
+## Relabel a filesystem to and from the type of a file. |
| 132 |
## </summary> |
| 133 |
## <param name="domain"> |
| 134 |
## <summary> |
| 135 |
|
| 136 |
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if |
| 137 |
index b9b30da..c5a1ad1 100644 |
| 138 |
--- a/policy/modules/kernel/filesystem.if |
| 139 |
+++ b/policy/modules/kernel/filesystem.if |
| 140 |
@@ -1399,7 +1399,7 @@ interface(`fs_read_cifs_named_pipes',` |
| 141 |
|
| 142 |
######################################## |
| 143 |
## <summary> |
| 144 |
-## Read named pipes |
| 145 |
+## Read named sockets |
| 146 |
## on a CIFS or SMB network filesystem. |
| 147 |
## </summary> |
| 148 |
## <param name="domain"> |
| 149 |
@@ -2360,8 +2360,8 @@ interface(`fs_getattr_iso9660_fs',` |
| 150 |
|
| 151 |
######################################## |
| 152 |
## <summary> |
| 153 |
-## Read files on an iso9660 filesystem, which |
| 154 |
-## is usually used on CDs. |
| 155 |
+## Get the attributes of files on an iso9660 |
| 156 |
+## filesystem, which is usually used on CDs. |
| 157 |
## </summary> |
| 158 |
## <param name="domain"> |
| 159 |
## <summary> |
| 160 |
@@ -2759,7 +2759,8 @@ interface(`fs_read_nfs_named_pipes',` |
| 161 |
|
| 162 |
######################################## |
| 163 |
## <summary> |
| 164 |
-## Read directories of RPC file system pipes. |
| 165 |
+## Get the attributes of directories of RPC |
| 166 |
+## file system pipes. |
| 167 |
## </summary> |
| 168 |
## <param name="domain"> |
| 169 |
## <summary> |
| 170 |
|
| 171 |
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if |
| 172 |
index 5f2f78e..5af202c 100644 |
| 173 |
--- a/policy/modules/kernel/kernel.if |
| 174 |
+++ b/policy/modules/kernel/kernel.if |
| 175 |
@@ -1087,7 +1087,7 @@ interface(`kernel_dontaudit_read_system_state',` |
| 176 |
######################################## |
| 177 |
## <summary> |
| 178 |
## Do not audit attempts by caller to |
| 179 |
-## read system state information in proc. |
| 180 |
+## read symbolic links in proc. |
| 181 |
## </summary> |
| 182 |
## <param name="domain"> |
| 183 |
## <summary> |
| 184 |
|
| 185 |
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if |
| 186 |
index 5c1be6b..0292eee 100644 |
| 187 |
--- a/policy/modules/kernel/storage.if |
| 188 |
+++ b/policy/modules/kernel/storage.if |
| 189 |
@@ -210,7 +210,7 @@ interface(`storage_create_fixed_disk_dev',` |
| 190 |
|
| 191 |
######################################## |
| 192 |
## <summary> |
| 193 |
-## Allow the caller to create fixed disk device nodes. |
| 194 |
+## Allow the caller to delete fixed disk device nodes. |
| 195 |
## </summary> |
| 196 |
## <param name="domain"> |
| 197 |
## <summary> |
| 198 |
@@ -738,7 +738,7 @@ interface(`storage_read_tape',` |
| 199 |
|
| 200 |
######################################## |
| 201 |
## <summary> |
| 202 |
-## Allow the caller to directly read |
| 203 |
+## Allow the caller to directly write |
| 204 |
## a tape device. |
| 205 |
## </summary> |
| 206 |
## <param name="domain"> |
| 207 |
|
| 208 |
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if |
| 209 |
index 5d2b406..00c49c6 100644 |
| 210 |
--- a/policy/modules/system/iptables.if |
| 211 |
+++ b/policy/modules/system/iptables.if |
| 212 |
@@ -70,7 +70,8 @@ interface(`iptables_exec',` |
| 213 |
|
| 214 |
##################################### |
| 215 |
## <summary> |
| 216 |
-## Execute iptables in the iptables domain. |
| 217 |
+## Execute iptables init scripts in |
| 218 |
+## the init script domain. |
| 219 |
## </summary> |
| 220 |
## <param name="domain"> |
| 221 |
## <summary> |
| 222 |
|
| 223 |
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if |
| 224 |
index 4305a86..d99475c 100644 |
| 225 |
--- a/policy/modules/system/locallogin.if |
| 226 |
+++ b/policy/modules/system/locallogin.if |
| 227 |
@@ -135,7 +135,7 @@ interface(`locallogin_link_keys',` |
| 228 |
|
| 229 |
######################################## |
| 230 |
## <summary> |
| 231 |
-## Execute local logins in the local login domain. |
| 232 |
+## Execute single-user logins in the single-user login domain. |
| 233 |
## </summary> |
| 234 |
## <param name="domain"> |
| 235 |
## <summary> |
| 236 |
|
| 237 |
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if |
| 238 |
index d9220f7..63ed47f 100644 |
| 239 |
--- a/policy/modules/system/miscfiles.if |
| 240 |
+++ b/policy/modules/system/miscfiles.if |
| 241 |
@@ -823,7 +823,8 @@ interface(`miscfiles_read_test_files',` |
| 242 |
|
| 243 |
######################################## |
| 244 |
## <summary> |
| 245 |
-## Execute test files. |
| 246 |
+## Create files in etc directories |
| 247 |
+## with localization file type. |
| 248 |
## </summary> |
| 249 |
## <param name="domain"> |
| 250 |
## <summary> |
| 251 |
|
| 252 |
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if |
| 253 |
index c1b049c..a5222e2 100644 |
| 254 |
--- a/policy/modules/system/modutils.if |
| 255 |
+++ b/policy/modules/system/modutils.if |
| 256 |
@@ -253,7 +253,7 @@ interface(`modutils_domtrans_depmod',` |
| 257 |
|
| 258 |
######################################## |
| 259 |
## <summary> |
| 260 |
-## Execute depmod in the depmod domain. |
| 261 |
+## Execute update_modules in the update_modules domain. |
| 262 |
## </summary> |
| 263 |
## <param name="domain"> |
| 264 |
## <summary> |
| 265 |
|
| 266 |
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if |
| 267 |
index bcb4330..55d2429 100644 |
| 268 |
--- a/policy/modules/system/selinuxutil.if |
| 269 |
+++ b/policy/modules/system/selinuxutil.if |
| 270 |
@@ -762,7 +762,7 @@ interface(`seutil_manage_config',` |
| 271 |
####################################### |
| 272 |
## <summary> |
| 273 |
## Create, read, write, and delete |
| 274 |
-## the general selinux configuration files. |
| 275 |
+## the general selinux configuration directories. |
| 276 |
## </summary> |
| 277 |
## <param name="domain"> |
| 278 |
## <summary> |
| 279 |
|
| 280 |
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if |
| 281 |
index ea03e86..e341a1c 100644 |
| 282 |
--- a/policy/modules/system/userdomain.if |
| 283 |
+++ b/policy/modules/system/userdomain.if |
| 284 |
@@ -1625,7 +1625,7 @@ interface(`userdom_dontaudit_list_user_home_dirs',` |
| 285 |
|
| 286 |
######################################## |
| 287 |
## <summary> |
| 288 |
-## Create user home directories. |
| 289 |
+## Manage user home directories. |
| 290 |
## </summary> |
| 291 |
## <param name="domain"> |
| 292 |
## <summary> |
| 293 |
@@ -1968,7 +1968,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',` |
| 294 |
|
| 295 |
######################################## |
| 296 |
## <summary> |
| 297 |
-## Do not audit attempts to write user home files. |
| 298 |
+## Do not audit attempts to relabel user home files. |
| 299 |
## </summary> |
| 300 |
## <param name="domain"> |
| 301 |
## <summary> |
| 302 |
@@ -2248,8 +2248,9 @@ interface(`userdom_manage_user_home_content_sockets',` |
| 303 |
|
| 304 |
######################################## |
| 305 |
## <summary> |
| 306 |
-## Create objects in a user home directory |
| 307 |
-## with an automatic type transition to |
| 308 |
+## Create objects in a directory located |
| 309 |
+## in a user home directory with an |
| 310 |
+## automatic type transition to |
| 311 |
## a specified private type. |
| 312 |
## </summary> |
| 313 |
## <param name="domain"> |
| 314 |
@@ -2711,7 +2712,7 @@ interface(`userdom_tmp_filetrans_user_tmp',` |
| 315 |
|
| 316 |
######################################## |
| 317 |
## <summary> |
| 318 |
-## Read user tmpfs files. |
| 319 |
+## Read and write user tmpfs files. |
| 320 |
## </summary> |
| 321 |
## <param name="domain"> |
| 322 |
## <summary> |
| 323 |
@@ -2978,7 +2979,7 @@ interface(`userdom_spec_domtrans_all_users',` |
| 324 |
|
| 325 |
######################################## |
| 326 |
## <summary> |
| 327 |
-## Execute an Xserver session in all unprivileged user domains. This |
| 328 |
+## Execute an Xserver session in all user domains. This |
| 329 |
## is an explicit transition, requiring the |
| 330 |
## caller to use setexeccon(). |
| 331 |
## </summary> |
Archives