trunk: additional whitespace fixes.

2008-10-17 15:52:39 +00:00 · 2008-10-17 15:52:39 +00:00 · 2a98379a24
commit 2a98379a24
parent 88cf0a9c2b
43 changed files with 106 additions and 121 deletions
--- a/policy/modules/apps/cdrecord.if
+++ b/policy/modules/apps/cdrecord.if
@ -68,7 +68,7 @@ template(`cdrecord_per_role_template', `
 	# allow searching for cdrom-drive
 	dev_list_all_dev_nodes($1_cdrecord_t) 
-	
+
 	domain_interactive_fd($1_cdrecord_t)
 	domain_use_interactive_fds($1_cdrecord_t)
@ -80,7 +80,7 @@ template(`cdrecord_per_role_template', `
 	# allow cdrecord to write the CD
 	storage_raw_write_removable_device($1_cdrecord_t)
 	storage_write_scsi_generic($1_cdrecord_t)
-	
+
 	libs_use_ld_so($1_cdrecord_t)
 	libs_use_shared_libs($1_cdrecord_t)
@ -100,7 +100,7 @@ template(`cdrecord_per_role_template', `
 		files_list_home($1_cdrecord_t)
 		fs_read_nfs_files($1_cdrecord_t)
 		fs_read_nfs_symlinks($1_cdrecord_t)
-	
+
 	',`
 		files_dontaudit_list_home($1_cdrecord_t)
 		fs_dontaudit_list_auto_mountpoints($1_cdrecord_t)
@ -119,7 +119,7 @@ template(`cdrecord_per_role_template', `
 		fs_dontaudit_read_cifs_files($1_cdrecord_t)
 		fs_dontaudit_list_cifs($1_cdrecord_t)
 	')
-	
+
 	# Handle removable media, /tmp, and /home
 	tunable_policy(`cdrecord_read_content',`
 		userdom_list_user_tmp($1, $1_cdrecord_t)
@ -128,7 +128,7 @@ template(`cdrecord_per_role_template', `
 		userdom_search_user_home_dirs($1, $1_cdrecord_t)
 		userdom_read_user_home_content_files($1, $1_cdrecord_t)
 		userdom_read_user_home_content_symlinks($1, $1_cdrecord_t)
-		
+
 		ifdef(`enable_mls',`
 		',`
 			fs_search_removable($1_cdrecord_t)
@ -145,7 +145,7 @@ template(`cdrecord_per_role_template', `
 		userdom_dontaudit_list_user_home_dirs($1, $1_cdrecord_t)
 		userdom_dontaudit_read_user_home_content_files($1, $1_cdrecord_t)
 	')
-	
+
 	# Handle default_t content
 	tunable_policy(`cdrecord_read_content && read_default_t',`
 		files_list_default($1_cdrecord_t)
@ -155,7 +155,7 @@ template(`cdrecord_per_role_template', `
 		files_dontaudit_read_default_files($1_cdrecord_t)
 		files_dontaudit_list_default($1_cdrecord_t)
 	')
-	
+
 	# Handle untrusted content
 	tunable_policy(`cdrecord_read_content && read_untrusted_content',`
 		files_list_tmp($1_cdrecord_t)
@ -183,7 +183,7 @@ template(`cdrecord_per_role_template', `
 		fs_read_nfs_files($1_cdrecord_t)
 		fs_read_nfs_symlinks($1_cdrecord_t)
 	')
-	
+
 	optional_policy(`
 		resmgr_stream_connect($1_cdrecord_t)
 	')
--- a/policy/modules/apps/ethereal.if
+++ b/policy/modules/apps/ethereal.if
@ -114,7 +114,7 @@ template(`ethereal_per_role_template',`
 	corenet_tcp_connect_generic_port($1_ethereal_t)
 	corenet_tcp_sendrecv_generic_if($1_ethereal_t)
-	
+
 	dev_read_urand($1_ethereal_t)
 	files_read_etc_files($1_ethereal_t)
@ -135,7 +135,7 @@ template(`ethereal_per_role_template',`
 	sysnet_read_config($1_ethereal_t)
 	userdom_manage_user_home_content_files($1, $1_ethereal_t)
-	
+
 	tunable_policy(`use_nfs_home_dirs',`
 		fs_manage_nfs_dirs($1_ethereal_t)
 		fs_manage_nfs_files($1_ethereal_t)
@ -162,7 +162,7 @@ template(`ethereal_per_role_template',`
 		xserver_user_x_domain_template($1, $1_ethereal, $1_ethereal_t, $1_ethereal_tmpfs_t)
 		xserver_create_xdm_tmp_sockets($1_ethereal_t)
 	')
-	
+
 	ifdef(`TODO',`
 		# Why does it write this?
 		optional_policy(`
@ -173,7 +173,7 @@ template(`ethereal_per_role_template',`
 		gnome_file_dialog($1_ethereal, $1)
 		# FIXME: policy is incomplete
 	')
-	
+
 ')
 #######################################
@ -204,7 +204,7 @@ template(`ethereal_admin_template',`
 	allow $1_ethereal_t self:packet_socket create_socket_perms;
 	allow $1_ethereal_t self:unix_stream_socket create_stream_socket_perms;
 	allow $1_ethereal_t self:tcp_socket create_socket_perms;
-	
+
 	userdom_use_user_terminals($1, $1_ethereal_t)
 	# Ethereal tries to write to user terminal
 	userdom_dontaudit_use_user_terminals($1, $1_ethereal_t)
--- a/policy/modules/apps/evolution.if
+++ b/policy/modules/apps/evolution.if
@ -53,7 +53,7 @@ template(`evolution_per_role_template',`
 	type $1_evolution_orbit_tmp_t;
 	files_tmp_file($1_evolution_orbit_tmp_t)
-	
+
 	type $1_evolution_alarm_t;
 	application_domain($1_evolution_alarm_t, evolution_alarm_exec_t)
 	role $3 types $1_evolution_alarm_t;
@ -153,7 +153,7 @@ template(`evolution_per_role_template',`
 	allow $1_evolution_t $2:file read;
 	domain_auto_trans($2, evolution_exec_t, $1_evolution_t)
-	
+
 	allow $2 $1_evolution_t:unix_stream_socket connectto;
 	allow $2 $1_evolution_t:process noatsecure;
 	allow $2 $1_evolution_t:process signal_perms;
@ -267,7 +267,7 @@ template(`evolution_per_role_template',`
 		files_list_home($1_evolution_t)
 		fs_read_nfs_files($1_evolution_t)
 		fs_read_nfs_symlinks($1_evolution_t)
-	
+
 	',`
 		files_dontaudit_list_home($1_evolution_t)
 		fs_dontaudit_list_auto_mountpoints($1_evolution_t)
@ -294,7 +294,7 @@ template(`evolution_per_role_template',`
 		userdom_search_user_home_dirs($1, $1_evolution_t)
 		userdom_read_user_home_content_files($1, $1_evolution_t)
 		userdom_read_user_home_content_symlinks($1, $1_evolution_t)
-		
+
 		ifndef(`enable_mls',`
 			fs_search_removable($1_evolution_t)
 			fs_read_removable_files($1_evolution_t)
@ -324,7 +324,7 @@ template(`evolution_per_role_template',`
 		files_list_tmp($1_evolution_t)
 		files_list_home($1_evolution_t)
 		userdom_search_user_home_dirs($1,$1_evolution_t)
-	
+
 		userdom_list_user_untrusted_content($1, $1_evolution_t)
 		userdom_read_user_untrusted_content_files($1, $1_evolution_t)
 		userdom_read_user_untrusted_content_symlinks($1, $1_evolution_t)
@ -343,7 +343,7 @@ template(`evolution_per_role_template',`
 	tunable_policy(`write_untrusted_content && use_nfs_home_dirs',`
 		files_search_home($1_evolution_t)
-	
+
 		fs_search_auto_mountpoints($1_evolution_t)
 		fs_manage_nfs_dirs($1_evolution_t)
 		fs_manage_nfs_files($1_evolution_t)
@ -356,7 +356,7 @@ template(`evolution_per_role_template',`
 	tunable_policy(`write_untrusted_content && use_samba_home_dirs',`
 		files_search_home($1_evolution_t)
-	
+
 		fs_search_auto_mountpoints($1_evolution_t)
 		fs_manage_cifs_dirs($1_evolution_t)
 		fs_manage_cifs_files($1_evolution_t)
@ -369,7 +369,7 @@ template(`evolution_per_role_template',`
 	tunable_policy(`write_untrusted_content',`
 		files_search_home($1_evolution_t)
-	
+
 		userdom_manage_user_untrusted_content_files($1, $1_evolution_t)
 		userdom_user_home_dir_filetrans($1, $1_evolution_t, $1_untrusted_content_tmp_t, { file dir })
 		userdom_user_home_content_filetrans($1, $1_evolution_t, $1_untrusted_content_tmp_t, { file dir })
@ -377,7 +377,7 @@ template(`evolution_per_role_template',`
 	',`
 		files_dontaudit_list_home($1_evolution_t)
 		files_dontaudit_list_tmp($1_evolution_t)
-	
+
 		userdom_dontaudit_list_user_home_dirs($1, $1_evolution_t)
 		#userdom_dontaudit_manage_user_tmp($1,$1_evolution_t)
 		#userdom_dontaudit_manage_user_tmp_files($1,$1_evolution_t)
@ -449,12 +449,12 @@ template(`evolution_per_role_template',`
 		# (different from home, not directly accessible from ROLE_t)
 		type $1_evolutioin_secret_t;
 		userdom_user_home_content($1,$1_evolutioin_secret_t)
-	
+
 		# Put secret files in .gnome2_private
 		allow $1_evolution_t $1_gnome_secret_t:dir rw_dir_perms;
 		allow $1_evolution_t $1_evolutioin_secret_t:file manage_file_perms;
 		type_transition $1_evolution_t $1_gnome_secret_t:file $1_evolutioin_secret_t;
-	
+
 		allow $2 $1_evolution_secret_t:file unlink;
 		ifdef(`TODO',`
@ -503,7 +503,7 @@ template(`evolution_per_role_template',`
 	libs_use_ld_so($1_evolution_alarm_t)
 	libs_use_shared_libs($1_evolution_alarm_t)
-	
+
 	miscfiles_read_localization($1_evolution_alarm_t)
 	# Access evolution home
@ -588,7 +588,7 @@ template(`evolution_per_role_template',`
 	# Transition from user domain
 	domain_auto_trans($2, evolution_exchange_exec_t, $1_evolution_exchange_t)
-	
+
 	kernel_read_network_state($1_evolution_exchange_t)
 	kernel_read_net_sysctls($1_evolution_exchange_t)
@ -607,7 +607,7 @@ template(`evolution_per_role_template',`
 	libs_use_shared_libs($1_evolution_exchange_t)
 	miscfiles_read_localization($1_evolution_exchange_t)
-	 
+
 	# Access evolution home
 	userdom_search_user_home_dirs($1, $1_evolution_exchange_t)
 	# FIXME: suppress access to .local/.icons/.themes until properly implemented
@ -629,7 +629,7 @@ template(`evolution_per_role_template',`
 	optional_policy(`
 		gnome_stream_connect_gconf_template($1, $1_evolution_exchange_t)
 	')
-	
+
 	optional_policy(`
 		nscd_socket_use($1_evolution_exchange_t)
 	')
@ -740,7 +740,7 @@ template(`evolution_per_role_template',`
 	#
 	allow $1_evolution_webcal_t self:tcp_socket create_socket_perms;
-	
+
 	# X/evolution common stuff
 	allow $1_evolution_webcal_t $1_evolution_webcal_tmpfs_t:dir rw_dir_perms;
 	allow $1_evolution_webcal_t $1_evolution_webcal_tmpfs_t:file manage_file_perms;
--- a/policy/modules/apps/games.if
+++ b/policy/modules/apps/games.if
@ -55,7 +55,7 @@ template(`games_per_role_template',`
 	type $1_games_tmp_t;
 	files_tmp_file($1_games_tmp_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -136,7 +136,7 @@ template(`games_per_role_template',`
 	userdom_manage_user_tmp_sockets($1,$1_games_t)
 	# Suppress .icons denial until properly implemented
 	userdom_dontaudit_read_user_home_content_files($1,$1_games_t)
-	
+
 	tunable_policy(`allow_execmem',`
 		allow $1_games_t self:process execmem;
 	')
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@ -108,7 +108,7 @@ template(`gnome_per_role_template',`
 		xserver_rw_xdm_pipes($1_gconfd_t)
 	')
 ')
-	
+
 ########################################
 ## <summary>
 ##	gconf connection template.
--- a/policy/modules/apps/irc.if
+++ b/policy/modules/apps/irc.if
@ -55,7 +55,7 @@ template(`irc_per_role_template',`
 	type $1_irc_tmp_t;
 	userdom_user_home_content($1, $1_irc_tmp_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -80,13 +80,13 @@ template(`irc_per_role_template',`
 	# Transition from the user domain to the derived domain.
 	domtrans_pattern($2, irc_exec_t, $1_irc_t)
-	
+
 	allow $2 $1_irc_exec_t:file { relabelfrom relabelto manage_file_perms };
 	# allow ps to show irc
 	ps_process_pattern($2, $1_irc_t)
 	allow $2 $1_irc_t:process signal;
-	
+
 	kernel_read_proc_symlinks($1_irc_t)
 	corenet_all_recvfrom_unlabeled($1_irc_t)
--- a/policy/modules/apps/java.if
+++ b/policy/modules/apps/java.if
@ -36,7 +36,7 @@ template(`java_per_role_template',`
 	gen_require(`
 		type java_exec_t;
 	')
-	
+
 	########################################
 	#
 	# Declarations
@ -45,13 +45,13 @@ template(`java_per_role_template',`
 	type $1_javaplugin_t;
 	application_domain($1_javaplugin_t, java_exec_t)
 	role $3 types $1_javaplugin_t;
-	
+
 	type $1_javaplugin_tmp_t;
 	files_tmp_file($1_javaplugin_tmp_t)
 	type $1_javaplugin_tmpfs_t;
 	files_tmpfs_file($1_javaplugin_tmpfs_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -61,7 +61,7 @@ template(`java_per_role_template',`
 	allow $1_javaplugin_t self:fifo_file rw_fifo_file_perms;
 	allow $1_javaplugin_t self:tcp_socket create_socket_perms;
 	allow $1_javaplugin_t self:udp_socket create_socket_perms;
-	
+
 	allow $1_javaplugin_t $2:unix_stream_socket connectto;
 	allow $1_javaplugin_t $2:unix_stream_socket { read write };
 	userdom_write_user_tmp_sockets($1, $1_javaplugin_t)
@ -80,14 +80,14 @@ template(`java_per_role_template',`
 	read_files_pattern($1_javaplugin_t, $1_home_t, $1_home_t)
 	can_exec($1_javaplugin_t, java_exec_t)
-	
+
 	# The user role is authorized for this domain.
 	domain_auto_trans($1_t, java_exec_t, $1_javaplugin_t)
 	allow $1_javaplugin_t $2:fd use;
 	# Unrestricted inheritance from the caller.
 	allow $2 $1_javaplugin_t:process { noatsecure siginh rlimitinh };
 	allow $1_javaplugin_t $2:process signull;
-	
+
 	kernel_read_all_sysctls($1_javaplugin_t)
 	kernel_search_vm_sysctl($1_javaplugin_t)
 	kernel_read_network_state($1_javaplugin_t)
--- a/policy/modules/apps/lockdev.if
+++ b/policy/modules/apps/lockdev.if
@ -68,14 +68,14 @@ template(`lockdev_per_role_template',`
 	files_read_all_locks($1_lockdev_t)
 	fs_getattr_xattr_fs($1_lockdev_t)
-	
+
 	libs_use_ld_so($1_lockdev_t)
 	libs_use_shared_libs($1_lockdev_t)
 	logging_send_syslog_msg($1_lockdev_t)
 	userdom_use_user_terminals($1, $1_lockdev_t)
-	
+
 	optional_policy(`
 		logging_send_syslog_msg($1_t)
 	')
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@ -111,7 +111,7 @@ template(`mozilla_per_role_template',`
 	# Allow the user domain to signal/ps.
 	ps_process_pattern($2, $1_mozilla_t)
 	allow $2 $1_mozilla_t:process signal_perms;
-	
+
 	kernel_read_kernel_sysctls($1_mozilla_t)
 	kernel_read_network_state($1_mozilla_t)
 	# Access /proc, sysctl
@ -171,7 +171,7 @@ template(`mozilla_per_role_template',`
 	fs_rw_tmpfs_files($1_mozilla_t)
 	term_dontaudit_getattr_pty_dirs($1_mozilla_t)
-	
+
 	libs_use_ld_so($1_mozilla_t)
 	libs_use_shared_libs($1_mozilla_t)
@ -183,14 +183,14 @@ template(`mozilla_per_role_template',`
 	# Browse the web, connect to printer
 	sysnet_dns_name_resolve($1_mozilla_t)
 	sysnet_read_config($1_mozilla_t)
-	
+
 	userdom_manage_user_home_content_dirs($1, $1_mozilla_t)
 	userdom_manage_user_home_content_files($1, $1_mozilla_t)
 	userdom_manage_user_home_content_symlinks($1, $1_mozilla_t)
 	userdom_manage_user_tmp_dirs($1, $1_mozilla_t)
 	userdom_manage_user_tmp_files($1, $1_mozilla_t)
 	userdom_manage_user_tmp_sockets($1, $1_mozilla_t)
-	
+
 	xserver_user_x_domain_template($1, $1_mozilla, $1_mozilla_t, $1_mozilla_tmpfs_t)
 	xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
 	xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)
@ -217,7 +217,7 @@ template(`mozilla_per_role_template',`
 		files_list_home($1_mozilla_t)
 		fs_read_nfs_files($1_mozilla_t)
 		fs_read_nfs_symlinks($1_mozilla_t)
-	
+
 	',`
 		files_dontaudit_list_home($1_mozilla_t)
 		fs_dontaudit_list_auto_mountpoints($1_mozilla_t)
@ -244,7 +244,7 @@ template(`mozilla_per_role_template',`
 		userdom_search_user_home_dirs($1, $1_mozilla_t)
 		userdom_read_user_home_content_files($1, $1_mozilla_t)
 		userdom_read_user_home_content_symlinks($1, $1_mozilla_t)
-		
+
 		ifdef(`enable_mls',`',`
 			fs_search_removable($1_mozilla_t)
 			fs_read_removable_files($1_mozilla_t)
@ -274,7 +274,7 @@ template(`mozilla_per_role_template',`
 		files_list_tmp($1_mozilla_t)
 		files_list_home($1_mozilla_t)
 		userdom_search_user_home_dirs($1, $1_mozilla_t)
-	
+
 		userdom_list_user_untrusted_content($1, $1_mozilla_t)
 		userdom_read_user_untrusted_content_files($1, $1_mozilla_t)
 		userdom_read_user_untrusted_content_symlinks($1, $1_mozilla_t)
@ -389,7 +389,7 @@ template(`mozilla_per_role_template',`
 		#domain_auto_trans($1_mozilla_t, evolution_exec_t, $1_evolution_t)
 		#domain_auto_trans($1_mozilla_t, evolution_webcal_exec_t, $1_evolution_webcal_t)
 		#')
-	
+
 		# Macros for mozilla/mozilla (or other browser) domains.
 		# FIXME: Rules were removed to centralize policy in a gnome_app macro
 		# A similar thing might be necessary for mozilla compiled without GNOME
--- a/policy/modules/apps/mplayer.if
+++ b/policy/modules/apps/mplayer.if
@ -70,7 +70,7 @@ template(`mplayer_per_role_template',`
 	allow $1_mencoder_t mplayer_etc_t:dir list_dir_perms;
 	read_files_pattern($1_mencoder_t, mplayer_etc_t, mplayer_etc_t)
 	read_lnk_files_pattern($1_mencoder_t, mplayer_etc_t, mplayer_etc_t)
-	
+
 	# domain transition
 	domtrans_pattern($2, mencoder_exec_t, $1_mencoder_t)
@ -150,7 +150,7 @@ template(`mplayer_per_role_template',`
 		files_list_home($1_mencoder_t)
 		fs_read_nfs_files($1_mencoder_t)
 		fs_read_nfs_symlinks($1_mencoder_t)
-	
+
 	',`
 		files_dontaudit_list_home($1_mencoder_t)
 		fs_dontaudit_list_auto_mountpoints($1_mencoder_t)
@ -182,7 +182,7 @@ template(`mplayer_per_role_template',`
 	tunable_policy(`read_untrusted_content',`
 		files_list_tmp($1_mencoder_t)
 		files_list_home($1_mencoder_t)
-	
+
 		userdom_list_user_untrusted_content($1, $1_mencoder_t)
 		userdom_read_user_untrusted_content_files($1, $1_mencoder_t)
 		userdom_read_user_untrusted_content_symlinks($1, $1_mencoder_t)
@ -342,7 +342,7 @@ template(`mplayer_per_role_template',`
 	userdom_read_user_home_content_symlinks($1, $1_mplayer_t)
 	xserver_user_x_domain_template($1, $1_mplayer, $1_mplayer_t, $1_mplayer_tmpfs_t)
-	
+
 	# Read songs
 	ifdef(`enable_mls',`',`
 		fs_search_removable($1_mplayer_t)
@ -384,7 +384,7 @@ template(`mplayer_per_role_template',`
 		files_list_home($1_mplayer_t)
 		fs_read_nfs_files($1_mplayer_t)
 		fs_read_nfs_symlinks($1_mplayer_t)
-	
+
 	',`
 		files_dontaudit_list_home($1_mplayer_t)
 		fs_dontaudit_list_auto_mountpoints($1_mplayer_t)
@ -416,7 +416,7 @@ template(`mplayer_per_role_template',`
 	tunable_policy(`read_untrusted_content',`
 		files_list_tmp($1_mplayer_t)
 		files_list_home($1_mplayer_t)
-	
+
 		userdom_list_user_untrusted_content($1, $1_mplayer_t)
 		userdom_read_user_untrusted_content_files($1, $1_mplayer_t)
 		userdom_read_user_untrusted_content_symlinks($1, $1_mplayer_t)
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@ -55,7 +55,7 @@ template(`screen_per_role_template',`
 	type $1_screen_var_run_t;
 	files_pid_file($1_screen_var_run_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -97,7 +97,7 @@ template(`screen_per_role_template',`
 	relabel_dirs_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
 	relabel_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
 	relabel_lnk_files_pattern($2, $1_screen_ro_home_t, $1_screen_ro_home_t)
-	
+
 	kernel_read_system_state($1_screen_t)
 	kernel_read_kernel_sysctls($1_screen_t)
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@ -49,7 +49,7 @@ template(`thunderbird_per_role_template',`
 	type $1_thunderbird_tmpfs_t;
 	files_tmpfs_file($1_thunderbird_tmpfs_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -94,12 +94,12 @@ template(`thunderbird_per_role_template',`
 	relabel_dirs_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
 	relabel_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
 	relabel_lnk_files_pattern($2, $1_thunderbird_home_t, $1_thunderbird_home_t)
-	
+
 	# Allow netstat
 	kernel_read_network_state($1_thunderbird_t)
 	kernel_read_net_sysctls($1_thunderbird_t)
 	kernel_read_system_state($1_thunderbird_t)
-	
+
 	# Startup shellscript
 	corecmd_exec_shell($1_thunderbird_t)
@ -144,7 +144,7 @@ template(`thunderbird_per_role_template',`
 	fs_list_inotifyfs($1_thunderbird_t)
 	# Access ~/.thunderbird
 	fs_search_auto_mountpoints($1_thunderbird_t)
-	
+
 	auth_use_nsswitch($1_thunderbird_t)
 	libs_use_shared_libs($1_thunderbird_t)
@ -204,14 +204,14 @@ template(`thunderbird_per_role_template',`
 		fs_dontaudit_read_cifs_files($1_thunderbird_t)
 		fs_dontaudit_list_cifs($1_thunderbird_t)
 	')
-	
+
 	tunable_policy(`mail_read_content',`
 		userdom_list_user_tmp($1, $1_thunderbird_t)
 		userdom_read_user_tmp_files($1, $1_thunderbird_t)
 		userdom_read_user_tmp_symlinks($1, $1_thunderbird_t)
 		userdom_search_user_home_dirs($1, $1_thunderbird_t)
 		userdom_read_user_home_content_files($1, $1_thunderbird_t)
-		
+
 		ifndef(`enable_mls',`
 			fs_search_removable($1_thunderbird_t)
 			fs_read_removable_files($1_thunderbird_t)
@ -229,7 +229,7 @@ template(`thunderbird_per_role_template',`
 		userdom_dontaudit_list_user_home_dirs($1, $1_thunderbird_t)
 		userdom_dontaudit_read_user_home_content_files($1, $1_thunderbird_t)
 	')
-	
+
 	tunable_policy(`mail_read_content && read_default_t',`
 		files_list_default($1_thunderbird_t)
 		files_read_default_files($1_thunderbird_t)
@ -238,7 +238,7 @@ template(`thunderbird_per_role_template',`
 		files_dontaudit_read_default_files($1_thunderbird_t)
 		files_dontaudit_list_default($1_thunderbird_t)
 	')
-	
+
 	tunable_policy(`mail_read_content && read_untrusted_content',`
 		files_list_tmp($1_thunderbird_t)
 		files_list_home($1_thunderbird_t)
@ -274,7 +274,7 @@ template(`thunderbird_per_role_template',`
 		fs_dontaudit_manage_nfs_dirs($1_thunderbird_t)
 		fs_dontaudit_manage_nfs_files($1_thunderbird_t)
 	')
-	
+
 	# Manage samba homedirs
 	tunable_policy(`write_untrusted_content && use_samba_home_dirs',`
 		files_search_home($1_thunderbird_t)
@ -288,7 +288,7 @@ template(`thunderbird_per_role_template',`
 		fs_dontaudit_manage_cifs_dirs($1_thunderbird_t)
 		fs_dontaudit_manage_cifs_files($1_thunderbird_t)
 	')
-	
+
 	# Manage /tmp and /home
 	tunable_policy(`write_untrusted_content',`
 		files_search_home($1_thunderbird_t)
--- a/policy/modules/apps/tvtime.if
+++ b/policy/modules/apps/tvtime.if
@ -55,7 +55,7 @@ template(`tvtime_per_role_template',`
 	type $1_tvtime_tmpfs_t;
 	files_tmpfs_file($1_tvtime_tmpfs_t)
-	
+
 	########################################
 	#
 	# Local policy
@ -96,7 +96,7 @@ template(`tvtime_per_role_template',`
 	# Allow the user domain to signal/ps.
 	ps_process_pattern($2,$1_tvtime_t)
 	allow $2 $1_tvtime_t:process signal_perms;
-	
+
 	kernel_read_all_sysctls($1_tvtime_t)
 	kernel_get_sysvipc_info($1_tvtime_t)
@ -111,7 +111,7 @@ template(`tvtime_per_role_template',`
 	# X access, Home files
 	fs_search_auto_mountpoints($1_tvtime_t)
-	
+
 	libs_use_ld_so($1_tvtime_t)
 	libs_use_shared_libs($1_tvtime_t)
@ -120,7 +120,7 @@ template(`tvtime_per_role_template',`
 	userdom_use_user_terminals($1, $1_tvtime_t)
 	userdom_read_user_home_content_files($1, $1_tvtime_t)
-	
+
 	# X access, Home files
 	tunable_policy(`use_nfs_home_dirs',`
 		fs_manage_nfs_dirs($1_tvtime_t)
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@ -1,5 +1,5 @@
 ## <summary>Policy for UML</summary>
-	
+
 #######################################
 ## <summary>
 ##	The per role template for the uml module.
@ -142,7 +142,7 @@ template(`uml_per_role_template',`
 	# for mconsole
 	allow { $2 $1_uml_t } $1_uml_t:unix_dgram_socket sendto;
 	allow $1_uml_t $2:unix_dgram_socket sendto;
-	
+
 	kernel_read_system_state($1_uml_t)
 	# for SKAS - need something better
 	kernel_write_proc_files($1_uml_t)
@ -161,7 +161,7 @@ template(`uml_per_role_template',`
 	corenet_tcp_connect_all_ports($1_uml_t)
 	corenet_sendrecv_all_client_packets($1_uml_t)
 	corenet_rw_tun_tap_dev($1_uml_t)
-	
+
 	domain_use_interactive_fds($1_uml_t)
 	# for xterm
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@ -49,7 +49,7 @@ template(`userhelper_per_role_template',`
 	domain_interactive_fd($1_userhelper_t)
 	domain_subj_id_change_exemption($1_userhelper_t)
 	role $3 types $1_userhelper_t;
-	
+
 	########################################
 	#
 	# Local policy
@ -78,7 +78,7 @@ template(`userhelper_per_role_template',`
 	can_exec($1_userhelper_t, userhelper_exec_t)
 	dontaudit $2 $1_userhelper_t:process signal;
-	
+
 	kernel_read_all_sysctls($1_userhelper_t)
 	kernel_getattr_debugfs($1_userhelper_t)
 	kernel_read_system_state($1_userhelper_t)
@ -164,7 +164,7 @@ template(`userhelper_per_role_template',`
 		sysadm_bin_spec_domtrans($1_userhelper_t)
 		sysadm_entry_spec_domtrans($1_userhelper_t)
 	')
-	
+
 	optional_policy(`
 		ethereal_domtrans_user_ethereal($1, $1_userhelper_t)
 	')
--- a/policy/modules/apps/wireshark.if
+++ b/policy/modules/apps/wireshark.if
@ -114,7 +114,7 @@ template(`wireshark_per_role_template',`
 	corenet_tcp_connect_generic_port($1_wireshark_t)
 	corenet_tcp_sendrecv_generic_if($1_wireshark_t)
-	
+
 	dev_read_urand($1_wireshark_t)
 	files_read_etc_files($1_wireshark_t)
@ -135,7 +135,7 @@ template(`wireshark_per_role_template',`
 	sysnet_read_config($1_wireshark_t)
 	userdom_manage_user_home_content_files($1, $1_wireshark_t)
-	
+
 	tunable_policy(`use_nfs_home_dirs',`
 		fs_manage_nfs_dirs($1_wireshark_t)
 		fs_manage_nfs_files($1_wireshark_t)
@ -162,7 +162,7 @@ template(`wireshark_per_role_template',`
 		xserver_user_client_template($1, $1_wireshark_t, $1_wireshark_tmpfs_t)
 		xserver_create_xdm_tmp_sockets($1_wireshark_t)
 	')
-	
+
 	ifdef(`TODO',`
 		# Why does it write this?
 		optional_policy(`
@ -173,7 +173,7 @@ template(`wireshark_per_role_template',`
 		gnome_file_dialog($1_wireshark, $1)
 		# FIXME: policy is incomplete
 	')
-	
+
 ')
 #######################################
@ -204,7 +204,7 @@ template(`wireshark_admin_template',`
 	allow $1_wireshark_t self:packet_socket create_socket_perms;
 	allow $1_wireshark_t self:unix_stream_socket create_stream_socket_perms;
 	allow $1_wireshark_t self:tcp_socket create_socket_perms;
-	
+
 	userdom_use_user_terminals($1, $1_wireshark_t)
 	# wireshark tries to write to user terminal
 	userdom_dontaudit_use_user_terminals($1, $1_wireshark_t)
--- a/policy/modules/services/aide.if
+++ b/policy/modules/services/aide.if
@ -19,7 +19,6 @@ interface(`aide_domtrans',`
        domtrans_pattern($1, aide_exec_t, aide_t)
 ')
 ########################################
 ## <summary>
 ##	Execute aide programs in the AIDE domain.
--- a/policy/modules/services/apcupsd.if
+++ b/policy/modules/services/apcupsd.if
@ -37,7 +37,6 @@ interface(`apcupsd_read_pid_files',`
 	allow $1 apcupsd_var_run_t:file read_file_perms;
 ')
 ########################################
 ## <summary>
 ##	Allow the specified domain to read apcupsd's log files.
--- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te
@ -110,10 +110,10 @@ optional_policy(`
 optional_policy(`
 	apache_content_template(apcupsd_cgi)
-	
+
 	allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
 	allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
-	
+
 	corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t)
 	corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)
 	corenet_tcp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
@ -123,6 +123,6 @@ optional_policy(`
 	corenet_udp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
 	corenet_udp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t)
 	corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
-	
+
 	sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t)
 ')
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@ -14,7 +14,6 @@ type apm_exec_t;
 application_domain(apm_t, apm_exec_t)
 role system_r types apm_t;
 type apmd_log_t;
 logging_log_file(apmd_log_t)
--- a/policy/modules/services/bind.if
+++ b/policy/modules/services/bind.if
@ -284,9 +284,9 @@ interface(`bind_admin',`
 	allow $1 named_t:process { ptrace signal_perms };
 	ps_process_pattern($1, named_t)
-	        
+
 	allow $1 ndc_t:process { ptrace signal_perms };
 	ps_process_pattern($1, ndc_t)
-	        
+
 	bind_run_ndc($1, $2, $3)
 ')
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@ -41,7 +41,7 @@ template(`bluetooth_per_role_template',`
 	type $1_bluetooth_t, bluetooth_helper_domain;
 	application_domain($1_bluetooth_t, bluetooth_helper_exec_t)
 	role $3 types $1_bluetooth_t;
-	
+
 	type $1_bluetooth_tmp_t;
 	files_tmp_file($1_bluetooth_tmp_t)
--- a/policy/modules/services/cvs.if
+++ b/policy/modules/services/cvs.if
@ -63,7 +63,7 @@ interface(`cvs_admin',`
 	allow $1 cvs_t:process { ptrace signal_perms };
 	ps_process_pattern($1, cvs_t)
-	        
+
 	# Allow cvs_t to restart the apache service
 	init_labeled_script_domtrans($1, cvs_initrc_exec_t)
 	domain_system_change_exemption($1)
--- a/policy/modules/services/cyrus.if
+++ b/policy/modules/services/cyrus.if
@ -20,7 +20,6 @@ interface(`cyrus_manage_data',`
 	manage_files_pattern($1, cyrus_var_lib_t, cyrus_var_lib_t)
 ')
 ########################################
 ## <summary>
 ##	Connect to Cyrus using a unix domain stream socket.
@ -81,4 +80,3 @@ interface(`cyrus_admin',`
 	admin_pattern($1, cyrus_var_run_t)
 ')
--- a/policy/modules/services/dovecot.fc
+++ b/policy/modules/services/dovecot.fc
@ -34,6 +34,3 @@ ifdef(`distro_redhat', `
 /var/spool/dovecot(/.*)?		gen_context(system_u:object_r:dovecot_spool_t,s0)
--- a/policy/modules/services/hal.if
+++ b/policy/modules/services/hal.if
@ -283,7 +283,6 @@ interface(`hal_read_pid_files',`
 	allow $1 hald_var_run_t:file read_file_perms;
 ')
 ########################################
 ## <summary>
 ##	Read/Write hald PID files.
--- a/policy/modules/services/inn.if
+++ b/policy/modules/services/inn.if
@ -156,7 +156,6 @@ interface(`inn_dgram_send',`
 	allow $1 innd_t:unix_dgram_socket sendto;
 ')
 ########################################
 ## <summary>
 ##	Execute inn in the inn domain.
--- a/policy/modules/services/ldap.if
+++ b/policy/modules/services/ldap.if
@ -53,7 +53,6 @@ interface(`ldap_use',`
 	refpolicywarn(`$0($*) has been deprecated.')
 ')
 ########################################
 ## <summary>
 ##	Connect to slapd over an unix stream socket.
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@ -62,7 +62,7 @@ template(`lpd_per_role_template',`
 	allow $1_lpr_t self:tcp_socket create_socket_perms;
 	allow $1_lpr_t self:udp_socket create_socket_perms;
 	allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
-	
+
 	can_exec($1_lpr_t,lpr_exec_t)
 	tunable_policy(`use_lpd_server',`
@ -133,7 +133,7 @@ template(`lpd_per_role_template',`
 	# Access the terminal.
 	term_use_controlling_term($1_lpr_t)
 	term_use_generic_ptys($1_lpr_t)
-	
+
 	libs_use_ld_so($1_lpr_t)
 	libs_use_shared_libs($1_lpr_t)
--- a/policy/modules/services/oident.fc
+++ b/policy/modules/services/oident.fc
@ -7,4 +7,3 @@ HOME_DIR/\.oidentd.conf			gen_context(system_u:object_r:ROLE_oidentd_home_t, s0)
 /usr/sbin/oidentd		--	gen_context(system_u:object_r:oidentd_exec_t, s0)
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@ -331,7 +331,7 @@ interface(`ppp_admin',`
 	allow $1 pppd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, pppd_t)
-	        
+
 	files_list_tmp($1)
 	manage_files_pattern($1, pppd_tmp_t, pppd_tmp_t)
--- a/policy/modules/services/rpcbind.if
+++ b/policy/modules/services/rpcbind.if
@ -37,7 +37,6 @@ interface(`rpcbind_read_pid_files',`
 	allow $1 rpcbind_var_run_t:file read_file_perms;
 ')
 ########################################
 ## <summary>
 ##	Search rpcbind lib directories.
@ -121,7 +120,7 @@ interface(`rpcbind_admin',`
 	allow $1 rpcbind_t:process { ptrace signal_perms };
 	ps_process_pattern($1, rpcbind_t)
-	        
+
 	init_labeled_script_domtrans($1, rbcbind_initrc_exec_t)
 	domain_system_change_exemption($1)
 	role_transition $2 rpcbind_initrc_exec_t system_r;
--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@ -57,7 +57,6 @@ interface(`rwho_read_log_files',`
 	logging_search_logs($1)
 ')
 ########################################
 ## <summary>
 ##	Search rwho spool directories.
--- a/policy/modules/services/samba.if
+++ b/policy/modules/services/samba.if
@ -491,7 +491,7 @@ interface(`samba_stream_connect_winbind',`
 	files_search_pids($1)
 	allow $1 samba_var_t:dir search_dir_perms;
 	stream_connect_pattern($1, winbind_var_run_t, winbind_var_run_t, winbind_t)
-	
+
 	ifndef(`distro_redhat',`
 		gen_require(`
 		    type winbind_tmp_t;
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@ -650,7 +650,6 @@ optional_policy(`
 # Winbind local policy
 #
 allow winbind_t self:capability { dac_override ipc_lock setuid };
 dontaudit winbind_t self:capability sys_tty_config;
 allow winbind_t self:process signal_perms;
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@ -105,7 +105,7 @@ interface(`snmp_admin',`
 	allow $1 snmpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, snmpd_t)
-	        
+
 	logging_list_logs($1)
 	manage_files_pattern($1, snmpd_log_t, snmpd_log_t)
--- a/policy/modules/services/squid.if
+++ b/policy/modules/services/squid.if
@ -195,7 +195,7 @@ interface(`squid_admin',`
 	allow $1 squid_t:process { ptrace signal_perms };
 	ps_process_pattern($1, squid_t)
-		
+
 	init_labeled_script_domtrans($1, squid_initrc_exec_t)
 	domain_system_change_exemption($1)
 	role_transition $2 squid_initrc_exec_t system_r;
--- a/policy/modules/services/tftp.if
+++ b/policy/modules/services/tftp.if
@ -19,7 +19,7 @@ interface(`tftp_admin',`
 	allow $1 tftpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, tftpd_t)
-	        
+
 	admin_pattern($1, tftpdir_rw_t)
 	admin_pattern($1, tftpdir_t)
--- a/policy/modules/services/uucp.if
+++ b/policy/modules/services/uucp.if
@ -82,7 +82,7 @@ interface(`uucp_admin',`
 	allow $1 uucpd_t:process { ptrace signal_perms getattr };
 	ps_process_pattern($1, uucpd_t)
-	        
+
 	logging_list_logs($1)
 	admin_pattern($1, uucpd_log_t)
--- a/policy/modules/services/zabbix.if
+++ b/policy/modules/services/zabbix.if
@ -102,12 +102,12 @@ interface(`zabbix_admin',`
 	allow $1 zabbix_t:process { ptrace signal_perms };
 	ps_process_pattern($1, zabbix_t)
-		
+
 	init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
 	domain_system_change_exemption($1)
 	role_transition $2 zabbix_initrc_exec_t system_r;
 	allow $2 system_r;
-	        
+
 	logging_list_logs($1)
 	admin_pattern($1, zabbix_log_t)
--- a/policy/modules/services/zebra.if
+++ b/policy/modules/services/zebra.if
@ -48,7 +48,7 @@ interface(`zebra_admin',`
 	allow $1 zebra_t:process { ptrace signal_perms };
 	ps_process_pattern($1, zebra_t)
-		
+
 	init_labeled_script_domtrans($1, zebra_initrc_exec_t)
 	domain_system_change_exemption($1)
 	role_transition $2 zebra_initrc_exec_t system_r;
@ -56,7 +56,7 @@ interface(`zebra_admin',`
 	files_list_etc($1)
 	admin_pattern($1, zebra_conf_t)
-	        
+
 	logging_list_logs($1)
 	admin_pattern($1, zebra_log_t)
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@ -307,7 +307,7 @@ ifdef(`distro_ubuntu',`
 		unconfined_domain(ifconfig_t)
 	')
 ')
-  
+
 ifdef(`hide_broken_symptoms',`
 	optional_policy(`
 		dev_dontaudit_rw_cardmgr(ifconfig_t)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@ -1272,7 +1272,7 @@ template(`userdom_admin_user_template',`
 	ifdef(`direct_sysadm_daemon',`
 		domain_system_change_exemption($1_t)
 	')
-	
+
 	typeattribute $1_devpts_t admin_terminal;
 	typeattribute $1_tty_device_t admin_terminal;
@ -34,6 +34,3 @@ ifdef(`distro_redhat', `

	`/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)`	`/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)`
`@ -7,4 +7,3 @@ HOME_DIR/\.oidentd.conf gen_context(system_u:object_r:ROLE_oidentd_home_t, s0)`

	`/usr/sbin/oidentd -- gen_context(system_u:object_r:oidentd_exec_t, s0)`	`/usr/sbin/oidentd -- gen_context(system_u:object_r:oidentd_exec_t, s0)`