Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

policy/modules/services/cachefilesd.te

@@ -100,7 +100,7 @@ allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
 
 # Allow access to cache superstructure
 allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms delete_dir_perms };
-allow cachefilesd_t cachefiles_var_t:file { rename delete_file_perms};
+allow cachefilesd_t cachefiles_var_t:file { rename delete_file_perms };
 
 # Permit statfs on the backing filesystem
 fs_getattr_xattr_fs(cachefilesd_t)

policy/modules/services/ccs.te

@@ -107,7 +107,7 @@ sysnet_dns_name_resolve(ccs_t)
 userdom_manage_unpriv_user_shared_mem(ccs_t)
 userdom_manage_unpriv_user_semaphores(ccs_t)
 
-ifdef(`hide_broken_symptoms', `
+ifdef(`hide_broken_symptoms',`
 	corecmd_dontaudit_write_bin_dirs(ccs_t)
 	files_manage_isid_type_files(ccs_t)
 ')

policy/modules/services/certmaster.te

@@ -43,12 +43,12 @@ files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir })
 
 # log files
 manage_files_pattern(certmaster_t, certmaster_var_log_t, certmaster_var_log_t)
-logging_log_filetrans(certmaster_t, certmaster_var_log_t, file )
+logging_log_filetrans(certmaster_t, certmaster_var_log_t, file)
 
 # pid file
 manage_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t)
 manage_sock_files_pattern(certmaster_t, certmaster_var_run_t, certmaster_var_run_t)
-files_pid_filetrans(certmaster_t ,certmaster_var_run_t, { file sock_file })
+files_pid_filetrans(certmaster_t, certmaster_var_run_t, { file sock_file })
 
 # read meminfo
 kernel_read_system_state(certmaster_t)

policy/modules/services/certmonger.te

@@ -32,7 +32,7 @@ allow certmonger_t self:netlink_route_socket r_netlink_socket_perms;
 
 manage_dirs_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
 manage_files_pattern(certmonger_t, certmonger_var_lib_t, certmonger_var_lib_t)
-files_var_lib_filetrans(certmonger_t, certmonger_var_lib_t, { file dir } )
+files_var_lib_filetrans(certmonger_t, certmonger_var_lib_t, { file dir })
 
 manage_dirs_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)
 manage_files_pattern(certmonger_t, certmonger_var_run_t, certmonger_var_run_t)

policy/modules/services/clamav.te

@@ -1,9 +1,9 @@
 policy_module(clamav, 1.8.1)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow clamd to use JIT compiler
+##	Allow clamd to use JIT compiler
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(clamd_use_jit, false)
 
@@ -150,7 +150,7 @@ optional_policy(`
 tunable_policy(`clamd_use_jit',`
 	allow clamd_t self:process execmem;
 	allow clamscan_t self:process execmem;
-', `
+',`
 	dontaudit clamd_t self:process execmem;
 	dontaudit clamscan_t self:process execmem;
 ')
@@ -226,7 +226,7 @@ optional_policy(`
 
 tunable_policy(`clamd_use_jit',`
 	allow freshclam_t self:process execmem;
-', `
+',`
 	dontaudit freshclam_t self:process execmem;
 ')
 

policy/modules/services/clogd.te

@@ -23,7 +23,6 @@ files_pid_file(clogd_var_run_t)
 
 allow clogd_t self:capability { net_admin mknod };
 allow clogd_t self:process signal;
-
 allow clogd_t self:sem create_sem_perms;
 allow clogd_t self:shm create_shm_perms;
 allow clogd_t self:netlink_socket create_socket_perms;

policy/modules/services/cmirrord.te

@@ -1,4 +1,4 @@
-policy_module(cmirrord,1.0.0)
+policy_module(cmirrord, 1.0.0)
 
 ########################################
 #
@@ -26,9 +26,7 @@ files_pid_file(cmirrord_var_run_t)
 allow cmirrord_t self:capability { net_admin kill };
 dontaudit cmirrord_t self:capability sys_tty_config;
 allow cmirrord_t self:process signal;
-
 allow cmirrord_t self:fifo_file rw_fifo_file_perms;
-
 allow cmirrord_t self:sem create_sem_perms;
 allow cmirrord_t self:shm create_shm_perms;
 allow cmirrord_t self:netlink_socket create_socket_perms;
@@ -51,5 +49,5 @@ logging_send_syslog_msg(cmirrord_t)
 miscfiles_read_localization(cmirrord_t)
 
 optional_policy(`
-        corosync_stream_connect(cmirrord_t)
+	corosync_stream_connect(cmirrord_t)
 ')

policy/modules/services/cobbler.te

@@ -6,32 +6,32 @@ policy_module(cobbler, 1.1.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow Cobbler to modify public files
+##	Allow Cobbler to modify public files
-## used for public file transfer services.
+##	used for public file transfer services.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(cobbler_anon_write, false)
-  
+
 ## <desc>
-## <p>
+##	<p>
-##     Allow Cobbler to connect to the
+##	Allow Cobbler to connect to the
-##     network using TCP.
+##	network using TCP.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(cobbler_can_network_connect, false)
 
 ## <desc>
-## <p>
+##	<p>
-##     Allow Cobbler to access cifs file systems.
+##	Allow Cobbler to access cifs file systems.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(cobbler_use_cifs, false)
 
 ## <desc>
-## <p>
+##	<p>
-##     Allow Cobbler to access nfs file systems.
+##	Allow Cobbler to access nfs file systems.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(cobbler_use_nfs, false)
 

policy/modules/services/consolekit.te

@@ -113,7 +113,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-        policykit_dbus_chat(consolekit_t)
+	policykit_dbus_chat(consolekit_t)
 	policykit_domtrans_auth(consolekit_t)
 	policykit_read_lib(consolekit_t)
 	policykit_read_reload(consolekit_t)

policy/modules/services/cron.te

@@ -10,18 +10,18 @@ gen_require(`
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow system cron jobs to relabel filesystem
+##	Allow system cron jobs to relabel filesystem
-## for restoring file contexts.
+##	for restoring file contexts.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(cron_can_relabel, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Enable extra rules in the cron domain
+##	Enable extra rules in the cron domain
-## to support fcron.
+##	to support fcron.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(fcron_crond, false)
 
@@ -138,7 +138,7 @@ selinux_compute_create_context(admin_crontab_t)
 selinux_compute_relabel_context(admin_crontab_t)
 selinux_compute_user_contexts(admin_crontab_t)
 
-tunable_policy(`fcron_crond', `
+tunable_policy(`fcron_crond',`
 	# fcron wants an instant update of a crontab change for the administrator
 	# also crontab does a security check for crontab -u
 	allow admin_crontab_t self:process setfscreate;
@@ -251,7 +251,7 @@ ifdef(`distro_debian',`
 	')
 ')
 
-ifdef(`distro_redhat', `
+ifdef(`distro_redhat',`
 	# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
 	# via redirection of standard out.
 	optional_policy(`
@@ -268,8 +268,8 @@ optional_policy(`
 ')
 
 optional_policy(`
-    djbdns_search_tinydns_keys(crond_t)
+	djbdns_search_tinydns_keys(crond_t)
-    djbdns_link_tinydns_keys(crond_t)
+	djbdns_link_tinydns_keys(crond_t)
 ')
 
 optional_policy(`
@@ -287,7 +287,7 @@ optional_policy(`
 	mono_domtrans(crond_t)
 ')
 
-tunable_policy(`fcron_crond', `
+tunable_policy(`fcron_crond',`
 	allow crond_t system_cron_spool_t:file manage_file_perms;
 ')
 
@@ -472,7 +472,7 @@ miscfiles_manage_man_pages(system_cronjob_t)
 
 seutil_read_config(system_cronjob_t)
 
-ifdef(`distro_redhat', `
+ifdef(`distro_redhat',`
 	# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
 	allow crond_t system_cron_spool_t:file manage_file_perms;
 
@@ -687,7 +687,7 @@ read_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 read_lnk_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 allow crond_t user_cron_spool_t:file manage_lnk_file_perms;
 
-tunable_policy(`fcron_crond', `
+tunable_policy(`fcron_crond',`
 	allow crond_t user_cron_spool_t:file manage_file_perms;
 ')
 

policy/modules/services/cups.te

@@ -163,7 +163,7 @@ read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
 allow cupsd_t hplip_var_run_t:file read_file_perms;
 
 stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
-allow cupsd_t ptal_var_run_t : sock_file setattr_sock_file_perms;
+allow cupsd_t ptal_var_run_t:sock_file setattr_sock_file_perms;
 
 kernel_read_system_state(cupsd_t)
 kernel_read_network_state(cupsd_t)
@@ -657,7 +657,7 @@ manage_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
 manage_lnk_files_pattern(hplip_t, hplip_var_lib_t, hplip_var_lib_t)
 
 manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
-files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
+files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file)
 
 manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
 files_pid_filetrans(hplip_t, hplip_var_run_t, file)

policy/modules/services/cvs.te

@@ -6,9 +6,9 @@ policy_module(cvs, 1.9.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow cvs daemon to read shadow
+##	Allow cvs daemon to read shadow
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_cvs_read_shadow, false)
 

policy/modules/services/dbus.te

@@ -152,7 +152,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-        policykit_dbus_chat(system_dbusd_t)
+	policykit_dbus_chat(system_dbusd_t)
 	policykit_domtrans_auth(system_dbusd_t)
 	policykit_search_lib(system_dbusd_t)
 ')

policy/modules/services/denyhosts.te

@@ -77,5 +77,5 @@ optional_policy(`
 ')
 
 optional_policy(`
-    gnome_dontaudit_search_config(denyhosts_t)
+	gnome_dontaudit_search_config(denyhosts_t)
 ')

policy/modules/services/devicekit.te

@@ -309,4 +309,3 @@ optional_policy(`
 optional_policy(`
 	vbetool_domtrans(devicekit_power_t)
 ')
-

policy/modules/services/dovecot.te

@@ -164,8 +164,8 @@ optional_policy(`
 ')
 
 optional_policy(`
-    postfix_manage_private_sockets(dovecot_t)
+	postfix_manage_private_sockets(dovecot_t)
-    postfix_search_spool(dovecot_t)
+	postfix_search_spool(dovecot_t)
 ')
 
 optional_policy(`

policy/modules/services/exim.te

@@ -6,24 +6,24 @@ policy_module(exim, 1.5.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow exim to connect to databases (postgres, mysql)
+##	Allow exim to connect to databases (postgres, mysql)
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(exim_can_connect_db, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow exim to read unprivileged user files.
+##	Allow exim to read unprivileged user files.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(exim_read_user_files, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow exim to create, read, write, and delete
+##	Allow exim to create, read, write, and delete
-## unprivileged user files.
+##	unprivileged user files.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(exim_manage_user_files, false)
 
@@ -174,7 +174,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-    nagios_search_spool(exim_t)
+	nagios_search_spool(exim_t)
 ')
 
 optional_policy(`

policy/modules/services/fail2ban.te

@@ -94,7 +94,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-    gnome_dontaudit_search_config(fail2ban_t)
+	gnome_dontaudit_search_config(fail2ban_t)
 ')
 
 optional_policy(`

policy/modules/services/ftp.te

@@ -6,82 +6,82 @@ policy_module(ftp, 1.12.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp servers to upload files,  used for public file
+##	Allow ftp servers to upload files,  used for public file
-## transfer services. Directories must be labeled
+##	transfer services. Directories must be labeled
-## public_content_rw_t.
+##	public_content_rw_t.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_ftpd_anon_write, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp servers to login to local users and
+##	Allow ftp servers to login to local users and
-## read/write all files on the system, governed by DAC.
+##	read/write all files on the system, governed by DAC.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_ftpd_full_access, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp servers to use cifs
+##	Allow ftp servers to use cifs
-## used for public file transfer services.
+##	used for public file transfer services.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_ftpd_use_cifs, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp servers to use nfs
+##	Allow ftp servers to use nfs
-## used for public file transfer services.
+##	used for public file transfer services.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_ftpd_use_nfs, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp servers to use connect to mysql database
+##	Allow ftp servers to use connect to mysql database
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(ftpd_connect_db, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow ftp to read and write files in the user home directories
+##	Allow ftp to read and write files in the user home directories
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(ftp_home_dir, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow anon internal-sftp to upload files, used for
+##	Allow anon internal-sftp to upload files, used for
-## public file transfer services. Directories must be labeled
+##	public file transfer services. Directories must be labeled
-## public_content_rw_t.
+##	public_content_rw_t.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sftpd_anon_write, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow sftp-internal to read and write files
+##	Allow sftp-internal to read and write files
-## in the user home directories
+##	in the user home directories
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sftpd_enable_homedirs, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow sftp-internal to login to local users and
+##	Allow sftp-internal to login to local users and
-## read/write all files on the system, governed by DAC.
+##	read/write all files on the system, governed by DAC.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sftpd_full_access, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow interlnal-sftp to read and write files 
+##	Allow interlnal-sftp to read and write files 
-## in the user ssh home directories.
+##	in the user ssh home directories.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sftpd_write_ssh_home, false)
 
@@ -181,7 +181,7 @@ fs_tmpfs_filetrans(ftpd_t, ftpd_tmpfs_t, { dir file lnk_file sock_file fifo_file
 manage_dirs_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
 manage_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
 manage_sock_files_pattern(ftpd_t, ftpd_var_run_t, ftpd_var_run_t)
-files_pid_filetrans(ftpd_t, ftpd_var_run_t, { file dir} )
+files_pid_filetrans(ftpd_t, ftpd_var_run_t, { file dir })
 
 # proftpd requires the client side to bind a socket so that
 # it can stat the socket to perform access control decisions,
@@ -291,10 +291,10 @@ tunable_policy(`ftp_home_dir',`
 	userdom_manage_user_home_content(ftpd_t)
 	userdom_manage_user_tmp_files(ftpd_t)
 	userdom_tmp_filetrans_user_tmp(ftpd_t, file)
-', `
+',`
-   # Needed for permissive mode, to make sure everything gets labeled correctly
+	# Needed for permissive mode, to make sure everything gets labeled correctly
-   userdom_user_home_dir_filetrans_pattern(ftpd_t, { dir file lnk_file })
+	userdom_user_home_dir_filetrans_pattern(ftpd_t, { dir file lnk_file })
-   files_tmp_filetrans(ftpd_t, ftpd_tmp_t, { file dir })
+	files_tmp_filetrans(ftpd_t, ftpd_tmp_t, { file dir })
 ')
 
 tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
@@ -400,6 +400,7 @@ userdom_use_user_terminals(ftpdctl_t)
 #
 # sftpd local policy
 #
+
 files_read_etc_files(sftpd_t)
 
 # allow read access to /home by default
@@ -408,13 +409,13 @@ userdom_read_user_home_content_symlinks(sftpd_t)
 userdom_dontaudit_list_admin_dir(sftpd_t)
 
 tunable_policy(`sftpd_full_access',`
-    allow sftpd_t self:capability { dac_override dac_read_search };
+	allow sftpd_t self:capability { dac_override dac_read_search };
-    fs_read_noxattr_fs_files(sftpd_t)
+	fs_read_noxattr_fs_files(sftpd_t)
-    auth_manage_all_files_except_shadow(sftpd_t)
+	auth_manage_all_files_except_shadow(sftpd_t)
 ')
 
 tunable_policy(`sftpd_write_ssh_home',`
-    ssh_manage_home_files(sftpd_t)
+	ssh_manage_home_files(sftpd_t)
 ')
 
 tunable_policy(`sftpd_enable_homedirs',`
@@ -424,9 +425,9 @@ tunable_policy(`sftpd_enable_homedirs',`
 	files_list_home(sftpd_t)
 	userdom_read_user_home_content_files(sftpd_t)
 	userdom_manage_user_home_content(sftpd_t)
-', `
+',`
-   # Needed for permissive mode, to make sure everything gets labeled correctly
+	# Needed for permissive mode, to make sure everything gets labeled correctly
-   userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file })
+	userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file })
 ')
 
 tunable_policy(`sftpd_enable_homedirs && use_nfs_home_dirs',`

policy/modules/services/git.te

@@ -1,23 +1,23 @@
 policy_module(git, 1.0.3)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow Git daemon system to search home directories.
+##	Allow Git daemon system to search home directories.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(git_system_enable_homedirs, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow Git daemon system to access cifs file systems.
+##	Allow Git daemon system to access cifs file systems.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(git_system_use_cifs, false)
 
 ## <desc>
-## <p>
+##	<p>
-## Allow Git daemon system to access nfs file systems.
+##	Allow Git daemon system to access nfs file systems.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(git_system_use_nfs, false)
 
@@ -51,10 +51,10 @@ typealias git_system_content_t alias git_data_t;
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow Git daemon session to bind
+##	Allow Git daemon session to bind
-## tcp sockets to all unreserved ports.
+##	tcp sockets to all unreserved ports.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(git_session_bind_all_unreserved_ports, false)
 
@@ -119,26 +119,26 @@ list_dirs_pattern(git_system_t, git_content, git_content)
 read_files_pattern(git_system_t, git_content, git_content)
 files_search_var_lib(git_system_t)
 
-tunable_policy(`git_system_enable_homedirs', `
+tunable_policy(`git_system_enable_homedirs',`
 	userdom_search_user_home_dirs(git_system_t)
 ')
 
-tunable_policy(`git_system_enable_homedirs && use_nfs_home_dirs', `
+tunable_policy(`git_system_enable_homedirs && use_nfs_home_dirs',`
 	fs_list_nfs(git_system_t)
 	fs_read_nfs_files(git_system_t)
 ')
 
-tunable_policy(`git_system_enable_homedirs && use_samba_home_dirs', `
+tunable_policy(`git_system_enable_homedirs && use_samba_home_dirs',`
 	fs_list_cifs(git_system_t)
 	fs_read_cifs_files(git_system_t)
 ')
 
-tunable_policy(`git_system_use_cifs', `
+tunable_policy(`git_system_use_cifs',`
 	fs_list_cifs(git_system_t)
 	fs_read_cifs_files(git_system_t)
 ')
 
-tunable_policy(`git_system_use_nfs', `
+tunable_policy(`git_system_use_nfs',`
 	fs_list_nfs(git_system_t)
 	fs_read_nfs_files(git_system_t)
 ')
@@ -156,17 +156,17 @@ userdom_search_user_home_dirs(git_session_t)
 
 userdom_use_user_terminals(git_session_t)
 
-tunable_policy(`git_session_bind_all_unreserved_ports', `
+tunable_policy(`git_session_bind_all_unreserved_ports',`
 	corenet_tcp_bind_all_unreserved_ports(git_session_t)
 	corenet_sendrecv_generic_server_packets(git_session_t)
 ')
 
-tunable_policy(`use_nfs_home_dirs', `
+tunable_policy(`use_nfs_home_dirs',`
 	fs_list_nfs(git_session_t)
 	fs_read_nfs_files(git_session_t)
 ')
 
-tunable_policy(`use_samba_home_dirs', `
+tunable_policy(`use_samba_home_dirs',`
 	fs_list_cifs(git_session_t)
 	fs_read_cifs_files(git_session_t)
 ')
@@ -189,4 +189,3 @@ optional_policy(`
 
 git_role_template(git_shell)
 gen_user(git_shell_u, user, git_shell_r, s0, s0)
-

policy/modules/services/hal.te

@@ -316,7 +316,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-        policykit_dbus_chat(hald_t)
+	policykit_dbus_chat(hald_t)
 	policykit_domtrans_auth(hald_t)
 	policykit_domtrans_resolve(hald_t)
 	policykit_read_lib(hald_t)
@@ -333,7 +333,7 @@ optional_policy(`
 
 optional_policy(`
 	shutdown_domtrans(hald_t)
-')    
+')
 
 optional_policy(`
 	udev_domtrans(hald_t)
@@ -411,7 +411,7 @@ logging_send_syslog_msg(hald_acl_t)
 miscfiles_read_localization(hald_acl_t)
 
 optional_policy(`
-        policykit_dbus_chat(hald_acl_t)
+	policykit_dbus_chat(hald_acl_t)
 	policykit_domtrans_auth(hald_acl_t)
 	policykit_read_lib(hald_acl_t)
 	policykit_read_reload(hald_acl_t)
@@ -493,7 +493,7 @@ files_read_usr_files(hald_keymap_t)
 
 miscfiles_read_localization(hald_keymap_t)
 
-# This is caused by a bug in hald and PolicyKit.  
+# This is caused by a bug in hald and PolicyKit.
 # Should be removed when this is fixed
 cron_read_system_job_lib_files(hald_t)
 

policy/modules/services/hddtemp.te

@@ -46,4 +46,3 @@ storage_raw_read_fixed_disk(hddtemp_t)
 logging_send_syslog_msg(hddtemp_t)
 
 miscfiles_read_localization(hddtemp_t)
-

policy/modules/services/icecast.te

@@ -6,10 +6,10 @@ policy_module(icecast, 1.0.1)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow icecast to connect to all ports, not just
+##	Allow icecast to connect to all ports, not just
-## sound ports.
+##	sound ports.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(icecast_connect_any, false)
 
@@ -39,7 +39,7 @@ allow icecast_t self:tcp_socket create_stream_socket_perms;
 
 manage_dirs_pattern(icecast_t, icecast_log_t, icecast_log_t)
 manage_files_pattern(icecast_t, icecast_log_t, icecast_log_t)
-logging_log_filetrans(icecast_t, icecast_log_t, { file dir } )
+logging_log_filetrans(icecast_t, icecast_log_t, { file dir })
 
 manage_dirs_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t)
 manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t)

policy/modules/services/inn.te

@@ -4,6 +4,7 @@ policy_module(inn, 1.9.0)
 #
 # Declarations
 #
+
 type innd_t;
 type innd_exec_t;
 init_daemon_domain(innd_t, innd_exec_t)
@@ -30,6 +31,7 @@ files_mountpoint(news_spool_t)
 #
 # Local policy
 #
+
 allow innd_t self:capability { dac_override kill setgid setuid };
 dontaudit innd_t self:capability sys_tty_config;
 allow innd_t self:process { setsched signal_perms };

policy/modules/services/jabber.te

@@ -1,4 +1,3 @@
-
 policy_module(jabber, 1.8.0)
 
 ########################################
@@ -84,7 +83,7 @@ corenet_tcp_bind_jabber_router_port(jabberd_router_t)
 corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
 
 optional_policy(`
-        kerberos_use(jabberd_router_t)
+	kerberos_use(jabberd_router_t)
 ')
 
 ########################################

policy/modules/services/kerberos.te

@@ -6,9 +6,9 @@ policy_module(kerberos, 1.11.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow confined applications to run with kerberos.
+##	Allow confined applications to run with kerberos.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(allow_kerberos, false)
 

policy/modules/services/ksmtuned.te

@@ -49,4 +49,3 @@ mls_file_read_to_clearance(ksmtuned_t)
 term_use_all_terms(ksmtuned_t)
 
 miscfiles_read_localization(ksmtuned_t)
-

policy/modules/services/ldap.te

@@ -82,7 +82,7 @@ manage_files_pattern(slapd_t, slapd_tmp_t, slapd_tmp_t)
 files_tmp_filetrans(slapd_t, slapd_tmp_t, { file dir })
 
 manage_files_pattern(slapd_t, slapd_tmpfs_t, slapd_tmpfs_t)
-fs_tmpfs_filetrans(slapd_t, slapd_tmpfs_t,file)
+fs_tmpfs_filetrans(slapd_t, slapd_tmpfs_t, file)
 
 manage_dirs_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
 manage_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)

policy/modules/services/lpd.te

@@ -6,9 +6,9 @@ policy_module(lpd, 1.12.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Use lpd server instead of cups
+##	Use lpd server instead of cups
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(use_lpd_server, false)
 

policy/modules/services/milter.te

@@ -33,7 +33,6 @@ files_type(spamass_milter_state_t)
 #
 
 allow dkim_milter_t self:capability { kill setgid setuid };
-
 allow dkim_milter_t self:unix_stream_socket create_stream_socket_perms;
 
 read_files_pattern(dkim_milter_t, dkim_milter_private_key_t, dkim_milter_private_key_t)
@@ -47,8 +46,8 @@ mta_read_config(dkim_milter_t)
 ########################################
 #
 # milter-greylist local policy
-#   ensure smtp clients retry mail like real MTAs and not spamware
+#	ensure smtp clients retry mail like real MTAs and not spamware
-#   http://hcpnet.free.fr/milter-greylist/
+#	http://hcpnet.free.fr/milter-greylist/
 #
 
 # It removes any existing socket (not owned by root) whilst running as root,
@@ -76,8 +75,8 @@ mta_read_config(greylist_milter_t)
 ########################################
 #
 # milter-regex local policy
-#   filter emails using regular expressions
+#	filter emails using regular expressions
-#   http://www.benzedrine.cx/milter-regex.html
+#	http://www.benzedrine.cx/milter-regex.html
 #
 
 # It removes any existing socket (not owned by root) whilst running as root
@@ -96,8 +95,8 @@ mta_read_config(regex_milter_t)
 ########################################
 #
 # spamass-milter local policy
-#   pipe emails through SpamAssassin
+#	pipe emails through SpamAssassin
-#   http://savannah.nongnu.org/projects/spamass-milt/
+#	http://savannah.nongnu.org/projects/spamass-milt/
 #
 
 # The milter runs from /var/lib/spamass-milter

policy/modules/services/mock.te

@@ -27,6 +27,7 @@ files_type(mock_var_lib_t)
 #
 # mock local policy
 #
+
 allow mock_t self:capability { sys_admin setfcap setuid sys_ptrace sys_chroot chown audit_write dac_override sys_nice mknod fsetid setgid fowner };
 allow mock_t self:process { siginh noatsecure signull transition rlimitinh setsched setpgid sigkill };
 dontaudit mock_t self:process { siginh noatsecure rlimitinh };
@@ -40,14 +41,14 @@ files_var_filetrans(mock_t, mock_cache_t, { dir file } )
 
 manage_dirs_pattern(mock_t, mock_tmp_t, mock_tmp_t)
 manage_files_pattern(mock_t, mock_tmp_t, mock_tmp_t)
-files_tmp_filetrans(mock_t, mock_tmp_t, { dir file } )
+files_tmp_filetrans(mock_t, mock_tmp_t, { dir file })
 can_exec(mock_t, mock_tmp_t)
 
 manage_dirs_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
 manage_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
 manage_lnk_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
 manage_chr_files_pattern(mock_t, mock_var_lib_t, mock_var_lib_t)
-files_var_lib_filetrans(mock_t, mock_var_lib_t, { dir file } )
+files_var_lib_filetrans(mock_t, mock_var_lib_t, { dir file })
 can_exec(mock_t, mock_var_lib_t)
 allow mock_t mock_var_lib_t:dir mounton;
 

policy/modules/services/mpd.te

@@ -1,4 +1,4 @@
-policy_module(mpd,1.0.0)
+policy_module(mpd, 1.0.0)
 
 ########################################
 #
@@ -41,7 +41,6 @@ files_type(mpd_var_lib_t)
 #cjp: dac_override bug in mpd relating to mpd.log file
 allow mpd_t self:capability { dac_override kill setgid setuid };
 allow mpd_t self:process { getsched setsched setrlimit signal signull };
-
 allow mpd_t self:fifo_file rw_fifo_file_perms;
 allow mpd_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow mpd_t self:tcp_socket create_stream_socket_perms;
@@ -102,10 +101,10 @@ optional_policy(`
 
 optional_policy(`
 	pulseaudio_exec(mpd_t)
-    	pulseaudio_stream_connect(mpd_t)
+	pulseaudio_stream_connect(mpd_t)
-    	pulseaudio_signull(mpd_t)
+	pulseaudio_signull(mpd_t)
 ')
 
 optional_policy(`
-        udev_read_db(mpd_t)
+	udev_read_db(mpd_t)
 ')

policy/modules/services/mta.te

@@ -93,7 +93,7 @@ optional_policy(`
 optional_policy(`
 	arpwatch_manage_tmp_files(system_mail_t)
 
-	ifdef(`hide_broken_symptoms', `
+	ifdef(`hide_broken_symptoms',`
 		arpwatch_dontaudit_rw_packet_sockets(system_mail_t)
 	')
 ')
@@ -194,7 +194,7 @@ optional_policy(`
 	arpwatch_search_data(mailserver_delivery)
 	arpwatch_manage_tmp_files(mta_user_agent)
 
-	ifdef(`hide_broken_symptoms', `
+	ifdef(`hide_broken_symptoms',`
 		arpwatch_dontaudit_rw_packet_sockets(mta_user_agent)
 	')
 
@@ -314,8 +314,6 @@ kernel_read_system_state(user_mail_domain)
 kernel_read_network_state(user_mail_domain)
 kernel_request_load_module(user_mail_domain)
 
-
-
 optional_policy(`
 	# postfix needs this for newaliases
 	files_getattr_tmp_dirs(user_mail_domain)

policy/modules/services/munin.te

@@ -193,7 +193,7 @@ optional_policy(`
 # local policy for disk plugins
 #
 
-allow munin_disk_plugin_t self:capability { sys_admin sys_rawio };    
+allow munin_disk_plugin_t self:capability { sys_admin sys_rawio };
 allow disk_munin_plugin_t self:tcp_socket create_stream_socket_perms;
 
 rw_files_pattern(disk_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)

policy/modules/services/mysql.te

@@ -6,9 +6,9 @@ policy_module(mysql, 1.12.0)
 #
 
 ## <desc>
-## <p>
+##	<p>
-## Allow mysqld to connect to all ports
+##	Allow mysqld to connect to all ports
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(mysql_connect_any, false)
 

policy/modules/services/nagios.te

@@ -141,6 +141,7 @@ optional_policy(`
 #
 # Nagios CGI local policy
 #
+
 optional_policy(`
 	apache_content_template(nagios)
 	typealias httpd_nagios_script_t alias nagios_cgi_t;
@@ -268,7 +269,6 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
 #
 
 allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
-
 allow nagios_mail_plugin_t self:netlink_route_socket r_netlink_socket_perms;
 allow nagios_mail_plugin_t self:tcp_socket create_stream_socket_perms;
 allow nagios_mail_plugin_t self:udp_socket create_socket_perms;
@@ -321,7 +321,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
 
 allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
 allow nagios_services_plugin_t self:process { signal sigkill };
-
 allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
 allow nagios_services_plugin_t self:udp_socket create_socket_perms;
 

policy/modules/services/nscd.te

@@ -5,9 +5,9 @@ gen_require(`
 ')
 
 ## <desc>
-## <p>
+##	<p>
-## Allow confined applications to use nscd shared memory.
+##	Allow confined applications to use nscd shared memory.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(nscd_use_shm, false)
 
@@ -146,6 +146,7 @@ optional_policy(`
 		samba_append_log(nscd_t)
 		samba_dontaudit_use_fds(nscd_t)
 	')
+
 	samba_read_config(nscd_t)
 	samba_read_var_files(nscd_t)
 ')