From 705f70f098efab40dd171ecd68d464ad25f1997d Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Thu, 5 Aug 2010 14:57:11 +0200 Subject: [PATCH] Kernel layer xml fixes. Signed-off-by: Dominick Grift --- policy/modules/kernel/corecommands.if | 18 +++--- policy/modules/kernel/devices.if | 64 +++++++++---------- policy/modules/kernel/domain.if | 38 +++++------ policy/modules/kernel/files.if | 56 ++++++++--------- policy/modules/kernel/filesystem.if | 34 +++++----- policy/modules/kernel/kernel.if | 90 +++++++++++++-------------- policy/modules/kernel/selinux.if | 20 +++--- policy/modules/kernel/storage.if | 2 +- policy/modules/kernel/terminal.if | 24 +++---- 9 files changed, 173 insertions(+), 173 deletions(-) diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if index 314731b4..ef1d72a7 100644 --- a/policy/modules/kernel/corecommands.if +++ b/policy/modules/kernel/corecommands.if @@ -131,7 +131,7 @@ interface(`corecmd_search_bin',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -167,7 +167,7 @@ interface(`corecmd_list_bin',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -410,7 +410,7 @@ interface(`corecmd_mmap_bin_files',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -453,7 +453,7 @@ interface(`corecmd_bin_spec_domtrans',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -713,7 +713,7 @@ interface(`corecmd_mmap_sbin_files',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -754,7 +754,7 @@ interface(`corecmd_sbin_domtrans',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -861,7 +861,7 @@ interface(`corecmd_exec_ls',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -896,7 +896,7 @@ interface(`corecmd_shell_spec_domtrans',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -1001,7 +1001,7 @@ interface(`corecmd_exec_all_executables',` ## ## ## -## Domain allowed access. +## Domain allowed to not audit. ## ## # diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index f13a505f..cac0c64e 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -77,7 +77,7 @@ interface(`dev_node',` ## ## ## -## Domain allowed to relabel. +## Domain allowed access. ## ## ## @@ -103,7 +103,7 @@ interface(`dev_relabel_all_dev_nodes',` ## ## ## -## Domain allowed to list device nodes. +## Domain allowed access. ## ## # @@ -140,7 +140,7 @@ interface(`dev_setattr_generic_dirs',` ## ## ## -## Domain to dontaudit listing of device nodes. +## Domain to not audit. ## ## # @@ -158,7 +158,7 @@ interface(`dev_dontaudit_list_all_dev_nodes',` ## ## ## -## Domain allowed to add entries. +## Domain allowed access. ## ## # @@ -176,7 +176,7 @@ interface(`dev_add_entry_generic_dirs',` ## ## ## -## Domain allowed to add entries. +## Domain allowed access. ## ## # @@ -194,7 +194,7 @@ interface(`dev_remove_entry_generic_dirs',` ## ## ## -## Domain allowed to create the directory. +## Domain allowed access. ## ## # @@ -213,7 +213,7 @@ interface(`dev_create_generic_dirs',` ## ## ## -## Domain allowed to create the directory. +## Domain allowed access. ## ## # @@ -231,7 +231,7 @@ interface(`dev_delete_generic_dirs',` ## ## ## -## Domain allowed to relabel. +## Domain allowed access. ## ## # @@ -249,7 +249,7 @@ interface(`dev_manage_generic_dirs',` ## ## ## -## Domain allowed to relabel. +## Domain allowed access. ## ## # @@ -321,7 +321,7 @@ interface(`dev_delete_generic_files',` ## ## ## -## Domain allowed to create the files. +## Domain allowed access. ## ## # @@ -339,7 +339,7 @@ interface(`dev_manage_generic_files',` ## ## ## -## Domain to dontaudit. +## Domain to not audit. ## ## # @@ -375,7 +375,7 @@ interface(`dev_getattr_generic_blk_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -393,7 +393,7 @@ interface(`dev_dontaudit_getattr_generic_blk_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -465,7 +465,7 @@ interface(`dev_getattr_generic_chr_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -483,7 +483,7 @@ interface(`dev_dontaudit_getattr_generic_chr_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -682,7 +682,7 @@ interface(`dev_manage_all_dev_nodes',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -816,7 +816,7 @@ interface(`dev_getattr_all_blk_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -854,7 +854,7 @@ interface(`dev_getattr_all_chr_files',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -1636,7 +1636,7 @@ interface(`dev_rw_dri',` ## ## ## -## Domain to dontaudit access. +## Domain to not audit. ## ## # @@ -1838,7 +1838,7 @@ interface(`dev_read_framebuffer',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2181,7 +2181,7 @@ interface(`dev_rw_lvm_control',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2217,7 +2217,7 @@ interface(`dev_delete_lvm_control_dev',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2355,7 +2355,7 @@ interface(`dev_getattr_misc_dev',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2392,7 +2392,7 @@ interface(`dev_setattr_misc_dev',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2870,7 +2870,7 @@ interface(`dev_create_null_dev',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3106,7 +3106,7 @@ interface(`dev_read_rand',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3125,7 +3125,7 @@ interface(`dev_dontaudit_read_rand',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3489,7 +3489,7 @@ interface(`dev_getattr_smartcard_dev',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3580,7 +3580,7 @@ interface(`dev_search_sysfs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3665,7 +3665,7 @@ interface(`dev_read_sysfs',` ## ## ## -## The process type modifying hardware state information. +## Domain allowed access. ## ## # @@ -3946,7 +3946,7 @@ interface(`dev_search_usbfs',` ## ## ## -## The process type getting the list. +## Domain allowed access. ## ## # @@ -4007,7 +4007,7 @@ interface(`dev_read_usbfs',` ## ## ## -## The process type modifying the options. +## Domain allowed access. ## ## # diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if index deb03ea5..41f36ede 100644 --- a/policy/modules/kernel/domain.if +++ b/policy/modules/kernel/domain.if @@ -402,7 +402,7 @@ interface(`domain_use_interactive_fds',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -727,7 +727,7 @@ interface(`domain_ptrace_all_domains',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -755,7 +755,7 @@ interface(`domain_dontaudit_ptrace_all_domains',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -774,7 +774,7 @@ interface(`domain_dontaudit_ptrace_confined_domains',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -799,7 +799,7 @@ interface(`domain_dontaudit_read_all_domains_state',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -836,7 +836,7 @@ interface(`domain_getsession_all_domains',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -949,7 +949,7 @@ interface(`domain_dontaudit_getattr_all_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -968,7 +968,7 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -987,7 +987,7 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1006,7 +1006,7 @@ interface(`domain_dontaudit_rw_all_udp_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1025,7 +1025,7 @@ interface(`domain_dontaudit_getattr_all_key_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1044,7 +1044,7 @@ interface(`domain_dontaudit_getattr_all_packet_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1063,7 +1063,7 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1082,7 +1082,7 @@ interface(`domain_dontaudit_rw_all_key_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1120,7 +1120,7 @@ interface(`domain_getattr_all_stream_sockets',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1168,7 +1168,7 @@ interface(`domain_getattr_all_pipes',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1187,7 +1187,7 @@ interface(`domain_dontaudit_getattr_all_pipes',` ## ## ## -## Type of subject to be allowed this. +## Domain allowed access. ## ## # @@ -1341,7 +1341,7 @@ interface(`domain_mmap_all_entry_files',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -1368,7 +1368,7 @@ interface(`domain_entry_file_spec_domtrans',` ## ## ## -## Domain allowed to mmap low memory. +## Domain allowed access. ## ## # diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 28cb589c..8d3dfad7 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -511,7 +511,7 @@ interface(`files_mounton_non_security',` ## ## ## -## Domain to allow +## Domain allowed access. ## ## # @@ -529,7 +529,7 @@ interface(`files_write_non_security_dirs',` ## ## ## -## Domain to allow +## Domain allowed access. ## ## # @@ -674,7 +674,7 @@ interface(`files_read_non_security_files',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -699,7 +699,7 @@ interface(`files_read_all_dirs_except',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -724,7 +724,7 @@ interface(`files_read_all_files_except',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -1031,7 +1031,7 @@ interface(`files_read_all_chr_files',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -1069,7 +1069,7 @@ interface(`files_relabel_all_files',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -1095,7 +1095,7 @@ interface(`files_rw_all_files',` ## ## ## -## The type of the domain perfoming this action. +## Domain allowed access. ## ## ## @@ -1168,7 +1168,7 @@ interface(`files_list_all',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1281,7 +1281,7 @@ interface(`files_unmount_all_file_type_fs',` ## ## ## -## The type of domain performing this action +## Domain allowed access. ## ## ## @@ -1300,7 +1300,7 @@ interface(`files_manage_config_dirs',` ## ## ## -## Type of domain performing this action +## Domain allowed access. ## ## ## @@ -1339,7 +1339,7 @@ interface(`files_read_config_files',` ## ## ## -## The type of domain performing this action +## Domain allowed access. ## ## ## @@ -1358,7 +1358,7 @@ interface(`files_manage_config_files',` ## ## ## -## Type of domain performing this action +## Domain allowed access. ## ## ## @@ -1470,7 +1470,7 @@ interface(`files_list_root',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1537,7 +1537,7 @@ interface(`files_dontaudit_read_root_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1556,7 +1556,7 @@ interface(`files_dontaudit_rw_root_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1683,7 +1683,7 @@ interface(`files_search_boot',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2715,7 +2715,7 @@ interface(`files_getattr_isid_type_dirs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2943,7 +2943,7 @@ interface(`files_delete_isid_type_blk_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3792,7 +3792,7 @@ interface(`files_search_tmp',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -4010,7 +4010,7 @@ interface(`files_dontaudit_getattr_all_tmp_files',` ## ## ## -## Domain not to audit. +## Domain allowed access. ## ## # @@ -4209,7 +4209,7 @@ interface(`files_rw_usr_dirs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -4339,7 +4339,7 @@ interface(`files_exec_usr_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -4630,7 +4630,7 @@ interface(`files_dontaudit_write_var_dirs',` ## ## ## -## Domain to not audit. +## Domain allowed access. ## ## # @@ -4741,7 +4741,7 @@ interface(`files_rw_var_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -5455,7 +5455,7 @@ interface(`files_rw_generic_pids',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -5473,7 +5473,7 @@ interface(`files_dontaudit_getattr_all_pids',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -5491,7 +5491,7 @@ interface(`files_dontaudit_write_all_pids',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index 9b79f4a5..e3e17bad 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -330,7 +330,7 @@ interface(`fs_rw_anon_inodefs_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1084,7 +1084,7 @@ interface(`fs_read_noxattr_fs_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1204,7 +1204,7 @@ interface(`fs_append_cifs_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## ## @@ -1343,7 +1343,7 @@ interface(`fs_manage_cifs_dirs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1478,7 +1478,7 @@ interface(`fs_manage_cifs_named_sockets',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -1999,7 +1999,7 @@ interface(`fs_list_inotifyfs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2412,7 +2412,7 @@ interface(`fs_append_nfs_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## ## @@ -2469,7 +2469,7 @@ interface(`fs_read_nfs_symlinks',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -2918,7 +2918,7 @@ interface(`fs_manage_nfs_named_sockets',` ## ## ## -## Domain allowed access. +## Domain allowed to transition. ## ## ## @@ -3197,7 +3197,7 @@ interface(`fs_search_ramfs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3234,7 +3234,7 @@ interface(`fs_manage_ramfs_dirs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3252,7 +3252,7 @@ interface(`fs_dontaudit_read_ramfs_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3308,7 +3308,7 @@ interface(`fs_write_ramfs_pipes',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3677,7 +3677,7 @@ interface(`fs_getattr_tmpfs_dirs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -3947,7 +3947,7 @@ interface(`fs_rw_tmpfs_chr_files',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -4341,7 +4341,7 @@ interface(`fs_dontaudit_getattr_all_fs',` ## ## ## -## The type of the domain getting quotas. +## Domain allowed access. ## ## ## @@ -4360,7 +4360,7 @@ interface(`fs_get_all_fs_quotas',` ## ## ## -## The type of the domain setting quotas. +## Domain allowed access. ## ## ## diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index b46db366..ed7667a5 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -130,7 +130,7 @@ interface(`kernel_setsched',` ## ## ## -## The type of the process sending the signal. +## Domain allowed access. ## ## # @@ -148,7 +148,7 @@ interface(`kernel_sigchld',` ## ## ## -## The type of the process sending the signal. +## Domain allowed access. ## ## # @@ -166,7 +166,7 @@ interface(`kernel_kill',` ## ## ## -## The type of the process sending the signal. +## Domain allowed access. ## ## # @@ -203,7 +203,7 @@ interface(`kernel_share_state',` ## ## ## -## The type of the process using the descriptors. +## Domain allowed access. ## ## # @@ -336,7 +336,7 @@ interface(`kernel_udp_recvfrom',` ## ## ## -## The process type to allow to load kernel modules. +## Domain allowed access. ## ## # @@ -378,7 +378,7 @@ interface(`kernel_search_key',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -414,7 +414,7 @@ interface(`kernel_link_key',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -432,7 +432,7 @@ interface(`kernel_dontaudit_link_key',` ## ## ## -## The process type allowed to read the ring buffer. +## Domain allowed access. ## ## ## @@ -451,7 +451,7 @@ interface(`kernel_read_ring_buffer',` ## ## ## -## The domain to not audit. +## Domain to not audit. ## ## # @@ -488,7 +488,7 @@ interface(`kernel_change_ring_buffer_level',` ## ## ## -## The process type clearing the buffer. +## Domain allowed access. ## ## ## @@ -592,7 +592,7 @@ interface(`kernel_getattr_debugfs',` ## ## ## -## The type of the domain mounting the filesystem. +## Domain allowed access. ## ## # @@ -610,7 +610,7 @@ interface(`kernel_mount_debugfs',` ## ## ## -## The type of the domain unmounting the filesystem. +## Domain allowed access. ## ## # @@ -628,7 +628,7 @@ interface(`kernel_unmount_debugfs',` ## ## ## -## The type of the domain remounting the filesystem. +## Domain allowed access. ## ## # @@ -664,7 +664,7 @@ interface(`kernel_search_debugfs',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -702,7 +702,7 @@ interface(`kernel_read_debugfs',` ## ## ## -## The type of the domain mounting the filesystem. +## Domain allowed access. ## ## # @@ -720,7 +720,7 @@ interface(`kernel_mount_kvmfs',` ## ## ## -## The type of the domain unmounting the filesystem. +## Domain allowed access. ## ## # @@ -922,7 +922,7 @@ interface(`kernel_write_proc_files',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -941,7 +941,7 @@ interface(`kernel_dontaudit_read_system_state',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -979,7 +979,7 @@ interface(`kernel_rw_afs_state',` ## ## ## -## The process type reading software raid state. +## Domain allowed access. ## ## ## @@ -1000,7 +1000,7 @@ interface(`kernel_read_software_raid_state',` ## ## ## -## The process type reading software raid state. +## Domain allowed access. ## ## # @@ -1020,7 +1020,7 @@ interface(`kernel_rw_software_raid_state',` ## ## ## -## The process type getting the attibutes. +## Domain allowed access. ## ## # @@ -1041,7 +1041,7 @@ interface(`kernel_getattr_core_if',` ## ## ## -## The process type to not audit. +## Domain to not audit. ## ## # @@ -1083,7 +1083,7 @@ interface(`kernel_read_core_if',` ## ## ## -## The process type reading the messages. +## Domain allowed access. ## ## # @@ -1105,7 +1105,7 @@ interface(`kernel_read_messages',` ## ## ## -## The process type getting the attributes. +## Domain allowed access. ## ## # @@ -1124,7 +1124,7 @@ interface(`kernel_getattr_message_if',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -1143,7 +1143,7 @@ interface(`kernel_dontaudit_getattr_message_if',` ## ## ## -## The process type reading the state. +## Domain to not audit. ## ## ## @@ -1162,7 +1162,7 @@ interface(`kernel_dontaudit_search_network_state',` ## ## ## -## The process type reading the state. +## Domain allowed access. ## ## ## @@ -1214,7 +1214,7 @@ interface(`kernel_read_network_state',` ## ## ## -## The process type reading the state. +## Domain allowed access. ## ## # @@ -1234,7 +1234,7 @@ interface(`kernel_read_network_state_symlinks',` ## ## ## -## The process type reading the state. +## Domain allowed access. ## ## ## @@ -1254,7 +1254,7 @@ interface(`kernel_search_xen_state',` ## ## ## -## The process type reading the state. +## Domain to not audit. ## ## ## @@ -1273,7 +1273,7 @@ interface(`kernel_dontaudit_search_xen_state',` ## ## ## -## The process type reading the state. +## Domain allowed access. ## ## ## @@ -1295,7 +1295,7 @@ interface(`kernel_read_xen_state',` ## ## ## -## The process type reading the state. +## Domain allowed access. ## ## ## @@ -1316,7 +1316,7 @@ interface(`kernel_read_xen_state_symlinks',` ## ## ## -## The process type writing the state. +## Domain allowed access. ## ## ## @@ -1335,7 +1335,7 @@ interface(`kernel_write_xen_state',` ## ## ## -## Domain to not audit. +## Domain allowed access. ## ## # @@ -1374,7 +1374,7 @@ interface(`kernel_dontaudit_list_all_proc',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## ## @@ -1393,7 +1393,7 @@ interface(`kernel_dontaudit_search_sysctl',` ## ## ## -## The process type to allow to read sysctl directories. +## Domain allowed access. ## ## ## @@ -1413,7 +1413,7 @@ interface(`kernel_read_sysctl',` ## ## ## -## The process type to allow to read the device sysctls. +## Domain allowed access. ## ## ## @@ -1535,7 +1535,7 @@ interface(`kernel_search_network_sysctl',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2052,7 +2052,7 @@ interface(`kernel_kill_unlabeled',` ## ## ## -## The type of the domain mounting the filesystem. +## Domain allowed access. ## ## # @@ -2253,7 +2253,7 @@ interface(`kernel_rw_unlabeled_files',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2291,7 +2291,7 @@ interface(`kernel_dontaudit_read_unlabeled_files',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2310,7 +2310,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_symlinks',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2329,7 +2329,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_pipes',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2348,7 +2348,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_sockets',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # @@ -2385,7 +2385,7 @@ interface(`kernel_rw_unlabeled_blk_files',` ## ## ## -## The process type not to audit. +## Domain to not audit. ## ## # diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if index 677f82a3..f8b357c3 100644 --- a/policy/modules/kernel/selinux.if +++ b/policy/modules/kernel/selinux.if @@ -213,7 +213,7 @@ interface(`selinux_dontaudit_read_fs',` ## ## ## -## The process type to allow to get the enforcing mode. +## Domain allowed access. ## ## ## @@ -244,7 +244,7 @@ interface(`selinux_get_enforce_mode',` ## ## ## -## The process type to allow to set the enforcement mode. +## Domain allowed access. ## ## ## @@ -276,7 +276,7 @@ interface(`selinux_set_enforce_mode',` ## ## ## -## The process type that will load the policy. +## Domain allowed access. ## ## # @@ -323,7 +323,7 @@ interface(`selinux_load_policy',` ## ## ## -## The process type allowed to set the Boolean. +## Domain allowed access. ## ## ## @@ -350,7 +350,7 @@ interface(`selinux_set_boolean',` ## ## ## -## The process type allowed to set the Boolean. +## Domain allowed access. ## ## ## @@ -391,7 +391,7 @@ interface(`selinux_set_generic_booleans',` ## ## ## -## The process type allowed to set the Boolean. +## Domain allowed access. ## ## ## @@ -433,7 +433,7 @@ interface(`selinux_set_all_booleans',` ## ## ## -## The process type to allow to set security parameters. +## Domain allowed access. ## ## ## @@ -457,7 +457,7 @@ interface(`selinux_set_parameters',` ## ## ## -## The process type permitted to validate contexts. +## Domain allowed access. ## ## ## @@ -499,7 +499,7 @@ interface(`selinux_dontaudit_validate_context',` ## ## ## -## The process type allowed to compute an access vector. +## Domain allowed access. ## ## ## @@ -591,7 +591,7 @@ interface(`selinux_compute_relabel_context',` ## ## ## -## The process type allowed to compute user contexts. +## Domain allowed access. ## ## # diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if index d7ca7b23..37231503 100644 --- a/policy/modules/kernel/storage.if +++ b/policy/modules/kernel/storage.if @@ -351,7 +351,7 @@ interface(`storage_getattr_fuse_dev',` ## ## ## -## Domain to not audit. +## Domain allowed access. ## ## # diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if index 4d9d5920..492bf76c 100644 --- a/policy/modules/kernel/terminal.if +++ b/policy/modules/kernel/terminal.if @@ -245,7 +245,7 @@ interface(`term_read_console',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## ## @@ -285,7 +285,7 @@ interface(`term_use_console',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -420,7 +420,7 @@ interface(`term_search_ptys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -557,7 +557,7 @@ interface(`term_setattr_generic_ptys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -676,7 +676,7 @@ interface(`term_dontaudit_getattr_ptmx',` ## ## ## -## The type of the process to allow access. +## Domain allowed access. ## ## # @@ -739,7 +739,7 @@ interface(`term_getattr_all_ptys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1028,7 +1028,7 @@ interface(`term_getattr_unallocated_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1068,7 +1068,7 @@ interface(`term_setattr_unallocated_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1087,7 +1087,7 @@ interface(`term_dontaudit_setattr_unallocated_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1245,7 +1245,7 @@ interface(`term_getattr_all_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1343,7 +1343,7 @@ interface(`term_use_all_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## # @@ -1380,7 +1380,7 @@ interface(`term_getattr_all_user_ttys',` ## ## ## -## Domain allowed access. +## Domain to not audit. ## ## #