From 57869a681efec72791ab94c446447c7dbcfa6d9f Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mon, 20 Jun 2005 18:40:44 +0000
Subject: [PATCH] XML: encapsulate modules in layers, rather then layer being
 an attribute of module tag

---
 refpolicy/Makefile                            | 13 +++++---
 refpolicy/doc/policy.dtd                      | 12 +++++---
 refpolicy/policy/modules/admin/dmesg.if       |  2 +-
 refpolicy/policy/modules/admin/rpm.if         |  2 +-
 refpolicy/policy/modules/admin/usermanage.if  |  2 +-
 refpolicy/policy/modules/apps/gpg.if          | 30 ++++++++++++++++---
 refpolicy/policy/modules/kernel/bootloader.if |  2 +-
 .../policy/modules/kernel/corenetwork.if.in   |  2 +-
 refpolicy/policy/modules/kernel/devices.if    |  2 +-
 refpolicy/policy/modules/kernel/filesystem.if |  2 +-
 refpolicy/policy/modules/kernel/kernel.if     |  2 +-
 refpolicy/policy/modules/kernel/selinux.if    |  2 +-
 refpolicy/policy/modules/kernel/storage.if    |  2 +-
 refpolicy/policy/modules/kernel/terminal.if   |  2 +-
 refpolicy/policy/modules/services/mta.if      |  2 +-
 .../policy/modules/services/remotelogin.if    |  2 +-
 refpolicy/policy/modules/services/sendmail.if |  2 +-
 refpolicy/policy/modules/system/authlogin.if  |  2 +-
 refpolicy/policy/modules/system/clock.if      |  2 +-
 .../policy/modules/system/corecommands.if     |  2 +-
 refpolicy/policy/modules/system/domain.if     |  2 +-
 refpolicy/policy/modules/system/files.if      |  2 +-
 refpolicy/policy/modules/system/getty.if      |  2 +-
 refpolicy/policy/modules/system/hostname.if   |  2 +-
 refpolicy/policy/modules/system/hotplug.if    |  2 +-
 refpolicy/policy/modules/system/init.if       |  2 +-
 refpolicy/policy/modules/system/iptables.if   |  2 +-
 refpolicy/policy/modules/system/libraries.if  |  2 +-
 refpolicy/policy/modules/system/locallogin.if |  2 +-
 refpolicy/policy/modules/system/logging.if    |  2 +-
 refpolicy/policy/modules/system/lvm.if        |  2 +-
 refpolicy/policy/modules/system/miscfiles.if  |  2 +-
 refpolicy/policy/modules/system/modutils.if   |  2 +-
 refpolicy/policy/modules/system/mount.if      |  2 +-
 .../policy/modules/system/selinuxutil.if      |  2 +-
 refpolicy/policy/modules/system/sysnetwork.if |  2 +-
 refpolicy/policy/modules/system/udev.if       |  2 +-
 refpolicy/policy/modules/system/userdomain.if |  2 +-
 38 files changed, 78 insertions(+), 47 deletions(-)

diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index ca26e5ea..4beb2724 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -129,7 +129,7 @@ CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
 USER_FILES := $(POLDIR)/users 
 
 DISABLEMOD := $(foreach mod,$(shell egrep -v '^[[:blank:]]*\#' $(MOD_DISABLE)),$(subst ./,,$(shell find -iname $(mod).te)))
-ALL_LAYERS := $(shell find $(wildcard policy/modules/*) -maxdepth 0 -type d)
+ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 
 GENERATED_TE := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.te.in)))
 GENERATED_IF := $(basename $(foreach dir,$(ALL_LAYERS),$(wildcard $(dir)/*.if.in)))
@@ -153,6 +153,7 @@ POLICY_SECTIONS := tmp/pre_te_files.conf tmp/generated_definitions.conf tmp/all_
 DOCS = doc
 POLXML = $(DOCS)/policy.xml
 XMLDTD = $(DOCS)/policy.dtd
+LAYERXML = metadata.xml
 HTMLDIR = $(DOCS)/html
 DOCTEMPLATE = $(DOCS)/templates
 
@@ -364,9 +365,13 @@ $(POLXML): $(ALL_INTERFACES)
 	$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
 	$(QUIET) echo '<!DOCTYPE policy SYSTEM "policy.dtd">' >> $@
 	$(QUIET) echo "<policy>" >> $@
-# process this through m4 to eliminate the generated definitions templates.
-# currently these are only in corenetwork.if
-	$(QUIET) m4 $(ALL_INTERFACES) $(GLOBALTUN) | egrep -h "^##[[:blank:]]" | sed -e 's/^##[[:blank:]]//g' >> $@
+# do all modules, even disabled ones:
+	$(QUIET) for i in $(ALL_LAYERS); do \
+		cat $$i/$(LAYERXML) >> $@ ;\
+		egrep -h "^##[[:blank:]]" $$i/*.if | sed -e 's/^##[[:blank:]]//g' >> $@ ;\
+		echo "</layer>" >> $@;\
+	done
+	$(QUIET) egrep -h "^##[[:blank:]]" $(GLOBALTUN) | sed -e 's/^##[[:blank:]]//g' >> $@
 	$(QUIET) echo "</policy>" >> $@
 	$(QUIET) if test -x $(XMLLINT) && test -f $(XMLDTD); then \
 		$(XMLLINT) --noout --dtdvalid $(XMLDTD) $@ ;\
diff --git a/refpolicy/doc/policy.dtd b/refpolicy/doc/policy.dtd
index 3afb7e3f..a5ccae75 100644
--- a/refpolicy/doc/policy.dtd
+++ b/refpolicy/doc/policy.dtd
@@ -1,10 +1,12 @@
 <!ENTITY  % inline.class  "pre|p|ul|li">
 
-<!ELEMENT policy (module+,tunable*)>
-<!ELEMENT module (summary,description?,interface+)>
+<!ELEMENT policy (layer+,tunable*)>
+<!ELEMENT layer (module+)>
+<!ATTLIST layer
+      name CDATA #REQUIRED>
+<!ELEMENT module (summary,description?,(interface|template)*)>
 <!ATTLIST module 
-      name CDATA #REQUIRED
-      layer CDATA #REQUIRED>
+      name CDATA #REQUIRED>
 <!ELEMENT tunable (#PCDATA)>
 <!ATTLIST tunable
       name CDATA #REQUIRED
@@ -12,6 +14,8 @@
 <!ELEMENT summary (#PCDATA)>
 <!ELEMENT interface (summary?,description?,securitydesc?,parameter+,infoflow?)>
 <!ATTLIST interface name CDATA #REQUIRED>
+<!ELEMENT template (summary,description?,securitydesc?,parameter+)>
+<!ATTLIST template name CDATA #REQUIRED>
 <!ELEMENT description (#PCDATA|%inline.class;)*>
 <!ELEMENT securitydesc (#PCDATA|%inline.class;)*>
 <!ELEMENT parameter (#PCDATA)>
diff --git a/refpolicy/policy/modules/admin/dmesg.if b/refpolicy/policy/modules/admin/dmesg.if
index 0c6f5b7e..3e55cac5 100644
--- a/refpolicy/policy/modules/admin/dmesg.if
+++ b/refpolicy/policy/modules/admin/dmesg.if
@@ -1,4 +1,4 @@
-## <module name="dmesg" layer="admin">
+## <module name="dmesg">
 ## <summary>Policy for dmesg.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if
index c4c3bde9..c0d2e305 100644
--- a/refpolicy/policy/modules/admin/rpm.if
+++ b/refpolicy/policy/modules/admin/rpm.if
@@ -1,4 +1,4 @@
-## <module name="rpm" layer="admin">
+## <module name="rpm">
 ## <summary>Policy for the RPM package manager.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/admin/usermanage.if b/refpolicy/policy/modules/admin/usermanage.if
index 194411fc..625aaff3 100644
--- a/refpolicy/policy/modules/admin/usermanage.if
+++ b/refpolicy/policy/modules/admin/usermanage.if
@@ -1,4 +1,4 @@
-## <module name="usermanage" layer="admin">
+## <module name="usermanage">
 ## <summary>Policy for managing user accounts.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 903524b3..9f425216 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -1,9 +1,28 @@
+## <module name="gpg">
+## <summary>Policy for GNU Privacy Guard and related programs.</summary>
 
 #######################################
-#
-# Per user domain template for this module
-#
-# gpg_per_userdomain_template(userdomain_prefix)
+## <template name="gpg_per_userdomain_template">
+##	<summary>
+##		The per-userdomain template for the gpg module.
+##	</summary>
+##	<description>
+##		<p>
+##		This template creates the types and rules for GPG,
+##		GPG-agent, and GPG helper programs.  This protects
+##		the user keys and secrets, and runs the programs
+##		in domains specific to the user type.
+##		</p>
+##		<p>
+##		This is invoked	automatically for each user, and
+##		generally does not need to be statically invoked 
+##		directly by policy writers.
+##		</p>
+##	</description>
+##	<parameter name="userdomain_prefix">
+##		The prefix of the user domain (e.g., user
+##		is the prefix for user_t).
+##	</parameter>
 #
 define(`gpg_per_userdomain_template',`
 	gen_require(`$0'_depend)
@@ -349,3 +368,6 @@ define(`gpg_per_userdomain_template',`
 	') dnl end TODO
 ')
 
+## </template>
+
+## </module>
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 753d0395..5a64873c 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -1,4 +1,4 @@
-## <module name="bootloader" layer="kernel">
+## <module name="bootloader">
 ## <summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index f1189cf3..94308368 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1,4 +1,4 @@
-## <module name="corenetwork" layer="kernel">
+## <module name="corenetwork">
 ## <summary>Policy controlling access to network objects</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/devices.if b/refpolicy/policy/modules/kernel/devices.if
index aa87733a..4611ab99 100644
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
@@ -1,4 +1,4 @@
-## <module name="devices" layer="kernel">
+## <module name="devices">
 ## <summary>
 ##	Device nodes and interfaces for many basic system devices.
 ## </summary>
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 6d7b9f69..4528dc48 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -1,4 +1,4 @@
-## <module name="filesystem" layer="kernel">
+## <module name="filesystem">
 ## <summary>Policy for filesystems.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index d6deee89..df67d3e9 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -1,4 +1,4 @@
-## <module name="kernel" layer="kernel">
+## <module name="kernel">
 ## <summary>
 ##	Policy for kernel threads, proc filesystem, 
 ##	and unlabeled processes and objects.
diff --git a/refpolicy/policy/modules/kernel/selinux.if b/refpolicy/policy/modules/kernel/selinux.if
index 4f36172f..307e28a3 100644
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@@ -1,4 +1,4 @@
-## <module name="selinux" layer="kernel">
+## <module name="selinux">
 ## <summary>
 ##	Policy for kernel security interface, in particular, selinuxfs.
 ## </summary>
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 233326f9..854ce59e 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -1,4 +1,4 @@
-## <module name="storage" layer="kernel">
+## <module name="storage">
 ## <summary>Policy controlling access to storage devices</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index db943ba8..90ea8a16 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -1,4 +1,4 @@
-## <module name="terminal" layer="kernel">
+## <module name="terminal">
 ## <summary>Policy for terminals.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index c28b2a7b..6726287e 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -1,4 +1,4 @@
-## <module name="mta" layer="services">
+## <module name="mta">
 ## <summary>Policy common to all email tranfer agents.</summary>
 
 #######################################
diff --git a/refpolicy/policy/modules/services/remotelogin.if b/refpolicy/policy/modules/services/remotelogin.if
index e4e26d56..5fbe4ca9 100644
--- a/refpolicy/policy/modules/services/remotelogin.if
+++ b/refpolicy/policy/modules/services/remotelogin.if
@@ -1,4 +1,4 @@
-## <module name="remotelogin" layer="services">
+## <module name="remotelogin">
 ## <summary>Policy for rshd, rlogind, and telnetd.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index cc202c58..99ba0081 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -1,4 +1,4 @@
-## <module name="sendmail" layer="services">
+## <module name="sendmail">
 ## <summary>Policy for sendmail.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 88f96d92..740a2b1a 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -1,4 +1,4 @@
-## <module name="authlogin" layer="system">
+## <module name="authlogin">
 ## <summary>Common policy for authentication and user login.</summary>
 
 #######################################
diff --git a/refpolicy/policy/modules/system/clock.if b/refpolicy/policy/modules/system/clock.if
index 45a22452..42449ca9 100644
--- a/refpolicy/policy/modules/system/clock.if
+++ b/refpolicy/policy/modules/system/clock.if
@@ -1,4 +1,4 @@
-## <module name="clock" layer="system">
+## <module name="clock">
 ## <summary>Policy for reading and setting the hardware clock.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if
index ac9b624a..fb32f237 100644
--- a/refpolicy/policy/modules/system/corecommands.if
+++ b/refpolicy/policy/modules/system/corecommands.if
@@ -1,4 +1,4 @@
-## <module name="corecommands" layer="system">
+## <module name="corecommands">
 ## <summary>
 ##	Core policy for shells, and generic programs
 ##	in /bin, /sbin, /usr/bin, and /usr/sbin.
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index aa14bbba..018375e1 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -1,4 +1,4 @@
-## <module name="domain" layer="system">
+## <module name="domain">
 ## <summary>Core policy for domains.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 2f78d9ab..e91e72c0 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1,4 +1,4 @@
-## <module name="files" layer="system">
+## <module name="files">
 ## <summary>
 ##	Basic filesystem types and interfaces.
 ## </summary>
diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if
index 51ce7a5a..41850c1d 100644
--- a/refpolicy/policy/modules/system/getty.if
+++ b/refpolicy/policy/modules/system/getty.if
@@ -1,4 +1,4 @@
-## <module name="getty" layer="system">
+## <module name="getty">
 ## <summary>Policy for getty.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/hostname.if b/refpolicy/policy/modules/system/hostname.if
index 3a37ecb1..28b679d5 100644
--- a/refpolicy/policy/modules/system/hostname.if
+++ b/refpolicy/policy/modules/system/hostname.if
@@ -1,4 +1,4 @@
-## <module name="hostname" layer="system">
+## <module name="hostname">
 ## <summary>Policy for changing the system host name.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if
index 4007f50c..9f6dd58f 100644
--- a/refpolicy/policy/modules/system/hotplug.if
+++ b/refpolicy/policy/modules/system/hotplug.if
@@ -1,4 +1,4 @@
-## <module name="hotplug" layer="system">
+## <module name="hotplug">
 ## <summary>
 ##	Policy for hotplug system, for supporting the
 ##	connection and disconnection of devices at runtime.
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 9d3013aa..ce8b55ea 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -1,4 +1,4 @@
-## <module name="init" layer="system">
+## <module name="init">
 ## <summary>System initialization programs (init and init scripts).</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index b46ea3c9..c41a5c03 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -1,4 +1,4 @@
-## <module name="iptables" layer="system">
+## <module name="iptables">
 ## <summary>Policy for iptables.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if
index 2f7514ee..f187806c 100644
--- a/refpolicy/policy/modules/system/libraries.if
+++ b/refpolicy/policy/modules/system/libraries.if
@@ -1,4 +1,4 @@
-## <module name="libraries" layer="system">
+## <module name="libraries">
 ## <summary>Policy for system libraries.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/locallogin.if b/refpolicy/policy/modules/system/locallogin.if
index ef30cb7d..281da201 100644
--- a/refpolicy/policy/modules/system/locallogin.if
+++ b/refpolicy/policy/modules/system/locallogin.if
@@ -1,4 +1,4 @@
-## <module name="locallogin" layer="system">
+## <module name="locallogin">
 ## <summary>Policy for local logins.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if
index e7e4c4e3..df1b2c51 100644
--- a/refpolicy/policy/modules/system/logging.if
+++ b/refpolicy/policy/modules/system/logging.if
@@ -1,4 +1,4 @@
-## <module name="logging" layer="system">
+## <module name="logging">
 ## <summary>Policy for the kernel message logger and system logging daemon.</summary>
 
 #######################################
diff --git a/refpolicy/policy/modules/system/lvm.if b/refpolicy/policy/modules/system/lvm.if
index fb0c1631..adc7b50a 100644
--- a/refpolicy/policy/modules/system/lvm.if
+++ b/refpolicy/policy/modules/system/lvm.if
@@ -1,4 +1,4 @@
-## <module name="lvm" layer="system">
+## <module name="lvm">
 ## <summary>Policy for logical volume management programs.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if
index d8d8c607..cef50ffd 100644
--- a/refpolicy/policy/modules/system/miscfiles.if
+++ b/refpolicy/policy/modules/system/miscfiles.if
@@ -1,4 +1,4 @@
-## <module name="miscfiles" layer="system">
+## <module name="miscfiles">
 ## <summary>Miscelaneous files.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if
index c4cefedb..2c310cf0 100644
--- a/refpolicy/policy/modules/system/modutils.if
+++ b/refpolicy/policy/modules/system/modutils.if
@@ -1,4 +1,4 @@
-## <module name="modutils" layer="system">
+## <module name="modutils">
 ## <summary>Policy for kernel module utilities</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index ac8cd49f..e7cbdc1b 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -1,4 +1,4 @@
-## <module name="mount" layer="system">
+## <module name="mount">
 ## <summary>Policy for mount.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 6183f14c..a4108b04 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -1,4 +1,4 @@
-## <module name="selinuxutil" layer="system">
+## <module name="selinuxutil">
 ## <summary>Policy for SELinux policy and userland applications.</summary>
 
 #######################################
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 08ee0219..ce884dc9 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -1,4 +1,4 @@
-## <module name="sysnetwork" layer="system">
+## <module name="sysnetwork">
 ## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
 
 #######################################
diff --git a/refpolicy/policy/modules/system/udev.if b/refpolicy/policy/modules/system/udev.if
index c1eccd0d..4b986f52 100644
--- a/refpolicy/policy/modules/system/udev.if
+++ b/refpolicy/policy/modules/system/udev.if
@@ -1,4 +1,4 @@
-## <module name="udev" layer="system">
+## <module name="udev">
 ## <summary>Policy for udev.</summary>
 
 ########################################
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index db11429e..229bd812 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1,4 +1,4 @@
-## <module name="userdomain" layer="system">
+## <module name="userdomain">
 ## <summary>Policy for user domains</summary>
 
 ########################################