[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/admin/, policy/modules/system/

Jason Zaman Sat, 30 Jan 2016 09:21:59 -0800

commit:     0a8aa1bfe479e36ab9fa014dccccbec5b3c59b0b
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Mon Jan 18 23:01:10 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:16:57 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0a8aa1bf


Fix interface descriptions when duplicate ones are found

Distinct interfaces should have different comments

 policy/modules/admin/bootloader.if      |  4 ++--
 policy/modules/kernel/corecommands.if   |  4 ++--
 policy/modules/kernel/corenetwork.if.in |  6 +++---
 policy/modules/kernel/devices.if        |  4 ++--
 policy/modules/kernel/domain.if         |  2 +-
 policy/modules/kernel/files.if          |  2 +-
 policy/modules/kernel/filesystem.if     |  9 +++++----
 policy/modules/kernel/kernel.if         |  2 +-
 policy/modules/kernel/storage.if        |  4 ++--
 policy/modules/system/iptables.if       |  3 ++-
 policy/modules/system/locallogin.if     |  2 +-
 policy/modules/system/miscfiles.if      |  3 ++-
 policy/modules/system/modutils.if       |  2 +-
 policy/modules/system/selinuxutil.if    |  2 +-
 policy/modules/system/userdomain.if     | 13 +++++++------
 15 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/policy/modules/admin/bootloader.if 
b/policy/modules/admin/bootloader.if
index cc8df9d..185f749 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -124,8 +124,8 @@ interface(`bootloader_rw_tmp_files',`
 
 ########################################
 ## <summary>
-##     Read and write the bootloader
-##     temporary data in /tmp.
+##     Create, read and write the bootloader
+##     runtime data.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/corecommands.if 
b/policy/modules/kernel/corecommands.if
index 917b160..60c1feb 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -199,11 +199,11 @@ interface(`corecmd_getattr_bin_files',`
 
 ########################################
 ## <summary>
-##     Get the attributes of files in bin directories.
+##     Do not audit attempts to get the attributes of files in bin directories.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
-##     Domain allowed access.
+##     Domain to not audit.
 ##     </summary>
 ## </param>
 #

diff --git a/policy/modules/kernel/corenetwork.if.in 
b/policy/modules/kernel/corenetwork.if.in
index 6e0bb9f..4babd24 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -2753,12 +2753,12 @@ interface(`corenet_all_recvfrom_labeled',`
 
 ########################################
 ## <summary>
-##     Make the specified type usable
-##     for labeled ipsec.
+##     Allow specified type to set the context of
+##     a SPD entry for labeled ipsec associations.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
-##     Type to be used for labeled ipsec.
+##     Domain allowed access.
 ##     </summary>
 ## </param>
 #

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 591b932..9615efd 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -227,7 +227,7 @@ interface(`dev_add_entry_generic_dirs',`
 
 ########################################
 ## <summary>
-##     Add entries to directories in /dev.
+##     Remove entries from directories in /dev.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -2023,7 +2023,7 @@ interface(`dev_read_input',`
 
 ########################################
 ## <summary>
-##     Read input event devices (/dev/input).
+##     Read and write input event devices (/dev/input).
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 3420b3a..92cc408 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1155,7 +1155,7 @@ interface(`domain_getattr_all_stream_sockets',`
 ########################################
 ## <summary>
 ##     Do not audit attempts to get the attributes
-##     of all domains unix datagram sockets.
+##     of all domains unix stream sockets.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 20acc0e..dc13e31 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1317,7 +1317,7 @@ interface(`files_relabelto_all_file_type_fs',`
 
 ########################################
 ## <summary>
-##     Relabel a filesystem to the type of a file.
+##     Relabel a filesystem to and from the type of a file.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/filesystem.if 
b/policy/modules/kernel/filesystem.if
index b9b30da..c5a1ad1 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1399,7 +1399,7 @@ interface(`fs_read_cifs_named_pipes',`
 
 ########################################
 ## <summary>
-##     Read named pipes
+##     Read named sockets
 ##     on a CIFS or SMB network filesystem.
 ## </summary>
 ## <param name="domain">
@@ -2360,8 +2360,8 @@ interface(`fs_getattr_iso9660_fs',`
 
 ########################################
 ## <summary>
-##     Read files on an iso9660 filesystem, which
-##     is usually used on CDs.
+##     Get the attributes of files on an iso9660
+##     filesystem, which is usually used on CDs.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -2759,7 +2759,8 @@ interface(`fs_read_nfs_named_pipes',`
 
 ########################################
 ## <summary>
-##     Read directories of RPC file system pipes.
+##     Get the attributes of directories of RPC
+##     file system pipes.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 5f2f78e..5af202c 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1087,7 +1087,7 @@ interface(`kernel_dontaudit_read_system_state',`
 ########################################
 ## <summary>
 ##     Do not audit attempts by caller to
-##     read system state information in proc.
+##     read symbolic links in proc.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 5c1be6b..0292eee 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -210,7 +210,7 @@ interface(`storage_create_fixed_disk_dev',`
 
 ########################################
 ## <summary>
-##     Allow the caller to create fixed disk device nodes.
+##     Allow the caller to delete fixed disk device nodes.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -738,7 +738,7 @@ interface(`storage_read_tape',`
 
 ########################################
 ## <summary>
-##     Allow the caller to directly read
+##     Allow the caller to directly write
 ##     a tape device.
 ## </summary>
 ## <param name="domain">

diff --git a/policy/modules/system/iptables.if 
b/policy/modules/system/iptables.if
index 5d2b406..00c49c6 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -70,7 +70,8 @@ interface(`iptables_exec',`
 
 #####################################
 ## <summary>
-##     Execute iptables in the iptables domain.
+##     Execute iptables init scripts in
+##     the init script domain.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/system/locallogin.if 
b/policy/modules/system/locallogin.if
index 4305a86..d99475c 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -135,7 +135,7 @@ interface(`locallogin_link_keys',`
 
 ########################################
 ## <summary>
-##     Execute local logins in the local login domain.
+##     Execute single-user logins in the single-user login domain.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/system/miscfiles.if 
b/policy/modules/system/miscfiles.if
index d9220f7..63ed47f 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -823,7 +823,8 @@ interface(`miscfiles_read_test_files',`
 
 ########################################
 ## <summary>
-##     Execute test files.
+##     Create files in etc directories
+##     with localization file type.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/system/modutils.if 
b/policy/modules/system/modutils.if
index c1b049c..a5222e2 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -253,7 +253,7 @@ interface(`modutils_domtrans_depmod',`
 
 ########################################
 ## <summary>
-##     Execute depmod in the depmod domain.
+##     Execute update_modules in the update_modules domain.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/system/selinuxutil.if 
b/policy/modules/system/selinuxutil.if
index bcb4330..55d2429 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -762,7 +762,7 @@ interface(`seutil_manage_config',`
 #######################################
 ## <summary>
 ##     Create, read, write, and delete
-##     the general selinux configuration files.
+##     the general selinux configuration directories.
 ## </summary>
 ## <param name="domain">
 ##     <summary>

diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index ea03e86..e341a1c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1625,7 +1625,7 @@ interface(`userdom_dontaudit_list_user_home_dirs',`
 
 ########################################
 ## <summary>
-##     Create user home directories.
+##     Manage user home directories.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -1968,7 +1968,7 @@ 
interface(`userdom_dontaudit_append_user_home_content_files',`
 
 ########################################
 ## <summary>
-##     Do not audit attempts to write user home files.
+##     Do not audit attempts to relabel user home files.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -2248,8 +2248,9 @@ interface(`userdom_manage_user_home_content_sockets',`
 
 ########################################
 ## <summary>
-##     Create objects in a user home directory
-##     with an automatic type transition to
+##     Create objects in a directory located
+##     in a user home directory with an
+##     automatic type transition to
 ##     a specified private type.
 ## </summary>
 ## <param name="domain">
@@ -2711,7 +2712,7 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 
 ########################################
 ## <summary>
-##     Read user tmpfs files.
+##     Read and write user tmpfs files.
 ## </summary>
 ## <param name="domain">
 ##     <summary>
@@ -2978,7 +2979,7 @@ interface(`userdom_spec_domtrans_all_users',`
 
 ########################################
 ## <summary>
-##     Execute an Xserver session in all unprivileged user domains.  This
+##     Execute an Xserver session in all user domains.  This
 ##     is an explicit transition, requiring the
 ##     caller to use setexeccon().
 ## </summary>

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/admin/, policy/modules/system/

Reply via email to