clean up formatting

refpolicy/policy/mcs

@@ -136,35 +136,26 @@ level s0:c0.c255;
 #
 # Only files are constrained by MCS at this stage.
 #
-mlsconstrain file { write setattr append unlink link rename
+mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
-		    ioctl lock execute relabelfrom } (h1 dom h2);
+	( h1 dom h2 );
 
-mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2));
+mlsconstrain file { create relabelto }
+	(( h1 dom h2 ) and ( l2 eq h2 ));
 
-mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread ));
+mlsconstrain file { read }
+	(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
 
 # new file labels must be dominated by the relabeling subject clearance
 mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
 	( h1 dom h2 );
+
 mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
 	(( h1 dom h2 ) and ( l2 eq h2 ));
 
-mlsconstrain process { ptrace } ( h1 dom h2 );
+mlsconstrain process { ptrace }
+	( h1 dom h2 );
 
-mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or
+mlsconstrain process { sigkill sigstop }
-		( t1 == mcskillall );
+	(( h1 dom h2 ) or ( t1 == mcskillall ));
-
-define(`nogetattr_file_perms', `{ create ioctl read lock write setattr append 
-link unlink rename relabelfrom relabelto }')
-
-define(`nogetattr_dir_perms', `{ create read lock setattr ioctl link unlink 
-rename search add_name remove_name reparent write rmdir relabelfrom 
-relabelto }')
-
-# XXX
-#
-# For some reason, we need to reference the mlsfileread attribute
-# or we get a build error.  Below is a dummy entry to do this.
-mlsconstrain xextension query ( t1 == mlsfileread );
 
 ') dnl end enable_mcs