cleanup

refpolicy/policy/modules/kernel/kernel.te

@@ -25,10 +25,7 @@ role system_r;
 role sysadm_r;
 role staff_r;
 role user_r;
-
+role secadm_r;
-ifdef(`enable_mls',`
-	role secadm_r;
-')
 
 #
 # kernel_t is the domain of kernel threads.

refpolicy/policy/modules/system/iptables.if

@@ -5,15 +5,12 @@
 ##	Execute iptables in the iptables domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`iptables_domtrans',`
 	gen_require(`
 		type iptables_t, iptables_exec_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
 	')
 
 	corecmd_search_sbin($1)
@@ -31,7 +28,7 @@ interface(`iptables_domtrans',`
 ##	allow the specified role the iptables domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 ## <param name="role">
 ##	The role to be allowed the iptables domain.
@@ -43,7 +40,6 @@ interface(`iptables_domtrans',`
 interface(`iptables_run',`
 	gen_require(`
 		type iptables_t;
-		class chr_file rw_term_perms;
 	')
 
 	iptables_domtrans($1)
@@ -56,7 +52,7 @@ interface(`iptables_run',`
 ##	Execute iptables in the caller domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`iptables_exec',`
@@ -67,4 +63,3 @@ interface(`iptables_exec',`
 	corecmd_search_sbin($1)
 	can_exec($1,iptables_exec_t)
 ')
-