From 888d9e4652391f10cb6b764a25ecef86f4ae7af2 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 2 Mar 2010 11:28:44 -0500
Subject: [PATCH] Improve the documentation of ubac_constrained().

---
 policy/modules/kernel/ubac.if | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
index 74777508..464f759e 100644
--- a/policy/modules/kernel/ubac.if
+++ b/policy/modules/kernel/ubac.if
@@ -5,13 +5,26 @@
 
 ########################################
 ## <summary>
-##	Constrain by user-based access control.
+##	Constrain by user-based access control (UBAC).
 ## </summary>
+## <desc>
+##	<p>
+##	Constrain the specified type by user-based
+##	access control (UBAC).  Typically, these are
+##	user processes or user files that need to be
+##	differentiated by SELinux user.  Normally this
+##	does not include administrative or privileged
+##	programs. For the UBAC rules to be enforced,
+##	both the subject (source) type and the object
+##	(target) types must be UBAC constrained.
+##	</p>
+## </desc>
 ## <param name="type">
 ##	<summary>
 ##	Type to be constrained by UBAC.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`ubac_constrained',`
 	gen_require(`