Improve the documentation of corenetwork interfaces

corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()

policy/modules/kernel/corenetwork.if.in

@@ -140,11 +140,23 @@ interface(`corenet_server_packet',`
 
 ########################################
 ## <summary>
-##	Send and receive TCP network traffic on the generic interfaces.
+##	Send and receive TCP network traffic on generic interfaces.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive TCP network
+##	traffic on generic network interfaces.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
 ## <infoflow type="both" weight="10"/>
@@ -233,13 +245,26 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
 
 ########################################
 ## <summary>
-##	Send and Receive UDP network traffic on generic interfaces.
+##	Send and receive UDP network traffic on generic interfaces.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive UDP network
+##	traffic on generic network interfaces.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_udp_sendrecv_generic_node()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`corenet_udp_sendrecv_generic_if',`
 	corenet_udp_send_generic_if($1)
@@ -491,11 +516,24 @@ interface(`corenet_raw_sendrecv_all_if',`
 ## <summary>
 ##	Send and receive TCP network traffic on generic nodes.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive TCP network
+##	traffic to/from generic network nodes (hostnames/networks).
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`corenet_tcp_sendrecv_generic_node',`
 	gen_require(`
@@ -545,11 +583,24 @@ interface(`corenet_udp_receive_generic_node',`
 ## <summary>
 ##	Send and receive UDP network traffic on generic nodes.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to send and receive UDP network
+##	traffic to/from generic network nodes (hostnames/networks).
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_udp_sendrecv_generic_if()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`corenet_udp_sendrecv_generic_node',`
 	corenet_udp_send_generic_node($1)
@@ -611,11 +662,26 @@ interface(`corenet_raw_sendrecv_generic_node',`
 ## <summary>
 ##	Bind TCP sockets to generic nodes.
 ## </summary>
+## <desc>
+##	<p>
+##	Bind TCP sockets to generic nodes.  This is
+##	necessary for binding a socket so it
+##	can be used for servers to listen
+##	for incoming connections.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_udp_bind_generic_node()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="1"/>
 #
 interface(`corenet_tcp_bind_generic_node',`
 	gen_require(`
@@ -629,11 +695,26 @@ interface(`corenet_tcp_bind_generic_node',`
 ## <summary>
 ##	Bind UDP sockets to generic nodes.
 ## </summary>
+## <desc>
+##	<p>
+##	Bind UDP sockets to generic nodes.  This is
+##	necessary for binding a socket so it
+##	can be used for servers to listen
+##	for incoming connections.
+##	</p>
+##	<p>
+##	Related interface:
+##	</p>
+##	<ul>
+##		<li>corenet_tcp_bind_generic_node()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="1"/>
 #
 interface(`corenet_udp_bind_generic_node',`
 	gen_require(`
@@ -1112,11 +1193,22 @@ interface(`corenet_tcp_connect_generic_port',`
 ## <summary>
 ##	Send and receive TCP network traffic on all ports.
 ## </summary>
+## <desc>
+##	<p>
+##	Send and receive TCP network traffic on all ports.
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_tcp_connect_all_ports()</li>
+##		<li>corenet_tcp_bind_all_ports()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`corenet_tcp_sendrecv_all_ports',`
 	gen_require(`
@@ -1166,11 +1258,21 @@ interface(`corenet_udp_receive_all_ports',`
 ## <summary>
 ##	Send and receive UDP network traffic on all ports.
 ## </summary>
+## <desc>
+##	<p>
+##	Send and receive UDP network traffic on all ports.
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_udp_bind_all_ports()</li>
+##	</ul>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`corenet_udp_sendrecv_all_ports',`
 	corenet_udp_send_all_ports($1)
@@ -2207,11 +2309,23 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
 ## <summary>
 ##	Receive packets from an unlabeled connection.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to receive packets from an
+##	unlabeled connection.  On machines that do not utilize
+##	labeled networking, this will be required on all
+##	networking domains.  On machines tha do utilize
+##	labeled networking, this will be required for any
+##	networking domain that is allowed to receive
+##	network traffic that does not have a label.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="10"/>
 #
 interface(`corenet_all_recvfrom_unlabeled',`
 	kernel_tcp_recvfrom_unlabeled($1)
@@ -2229,11 +2343,22 @@ interface(`corenet_all_recvfrom_unlabeled',`
 ## <summary>
 ##	Receive packets from a NetLabel connection.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to receive NetLabel
+##	network traffic, which utilizes the Commercial IP
+##	Security Option (CIPSO) to set the MLS level
+##	of the network packets.  This is required for
+##	all networking domains that receive NetLabel
+##	network traffic.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="read" weight="10"/>
 #
 interface(`corenet_all_recvfrom_netlabel',`
 	gen_require(`