From 2e77b29e67dae574622b6255d3aabcf9873ed467 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 18 May 2005 21:00:00 +0000
Subject: [PATCH] add xml

---
 refpolicy/policy/modules/system/files.if | 30 ++++++++++++++++++++----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 7746e358..0bbddef0 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1,4 +1,6 @@
 # Copyright (C) 2005 Tresys Technology, LLC
+## <module name="files" layer="system">
+## <summary>Policy controlling access to general files</summary>
 
 ########################################
 #
@@ -73,7 +75,7 @@ attribute tmpfile;
 
 ########################################
 #
-# files_get_all_file_attributes(type)
+# files_get_all_file_attributes(domain)
 #
 define(`files_get_all_file_attributes',`
 requires_block_template(`$0'_depend)
@@ -163,7 +165,7 @@ class dir search;
 
 ########################################
 #
-# files_read_all_directories(type)
+# files_read_all_directories(domain)
 #
 define(`files_read_all_directories',`
 requires_block_template(`$0'_depend)
@@ -177,7 +179,7 @@ class dir { getattr search read };
 
 ########################################
 #
-# files_mount_on_all_mountpoints(type)
+# files_mount_on_all_mountpoints(domain)
 #
 define(`files_mount_on_all_mountpoints',`
 requires_block_template(`$0'_depend)
@@ -261,10 +263,26 @@ type root_t;
 class chr_file { read write };
 ')
 
-########################################
 #
-# files_create_private_root_dir_entry(domain,privatetype,[class(es)])
+## <interface name="files_create_private_root_dir_entry">
+##	<description>
+##		Create an object in the root directory, with a private
+##		type.  If no object class is specified, the
+##		default is file.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<parameter name="private type">
+##		The type of the object to be created.
+##	</parameter>
+##	<parameter name="object" optional="true">
+##		The type of the process performing this action.
+##	</parameter>
+##	<infoflow type="write" weight="10"/>
+## </interface>
 #
+
 define(`files_create_private_root_dir_entry',`
 requires_block_template(`$0'_depend)
 allow $1 root_t:dir { getattr search read write add_name remove_name };
@@ -799,3 +817,5 @@ define(`files_read_system_spool_directory_depend',`
 type var_t, var_spool_t;
 class dir { getattr search read };
 ')
+
+## </module>