another round of renaming, for consistency

refpolicy/policy/modules/admin/dmesg.te

@@ -59,7 +59,7 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(dmesg_t)
+	seutil_sigchld_newrole(dmesg_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/admin/logrotate.te

@@ -12,13 +12,13 @@ domain_obj_id_change_exempt(logrotate_t)
 role system_r types logrotate_t;
 
 type logrotate_exec_t;
-files_file_type(logrotate_exec_t)
+files_type(logrotate_exec_t)
 
 type logrotate_tmp_t;
 files_tmp_file(logrotate_tmp_t)
 
 type logrotate_var_lib_t;
-files_file_type(logrotate_var_lib_t)
+files_type(logrotate_var_lib_t)
 
 ########################################
 #
@@ -76,13 +76,13 @@ domain_signal_all_domains(logrotate_t)
 domain_use_wide_inherit_fd(logrotate_t)
 
 files_read_usr_files(logrotate_t)
-files_read_generic_etc_files(logrotate_t)
+files_read_etc_files(logrotate_t)
 files_read_etc_runtime_files(logrotate_t)
-files_manage_generic_lock_files(logrotate_t)
+files_manage_generic_locks(logrotate_t)
 files_read_all_pids(logrotate_t)
 # Write to /var/spool/slrnpull - should be moved into its own type.
-files_manage_spools(logrotate_t)
-files_manage_spool_dirs(logrotate_t)
+files_manage_generic_spools(logrotate_t)
+files_manage_generic_spool_dirs(logrotate_t)
 
 hostname_exec(logrotate_t)
 

refpolicy/policy/modules/admin/netutils.te

@@ -56,7 +56,7 @@ fs_getattr_xattr_fs(netutils_t)
 
 domain_use_wide_inherit_fd(netutils_t)
 
-files_read_generic_etc_files(netutils_t)
+files_read_etc_files(netutils_t)
 # for nscd
 files_dontaudit_search_var(netutils_t)
 
@@ -110,7 +110,7 @@ fs_dontaudit_getattr_xattr_fs(ping_t)
 
 domain_use_wide_inherit_fd(ping_t)
 
-files_read_generic_etc_files(ping_t)
+files_read_etc_files(ping_t)
 files_dontaudit_search_var(ping_t)
 
 libs_use_ld_so(ping_t)
@@ -166,7 +166,7 @@ fs_dontaudit_getattr_xattr_fs(traceroute_t)
 
 domain_use_wide_inherit_fd(traceroute_t)
 
-files_read_generic_etc_files(traceroute_t)
+files_read_etc_files(traceroute_t)
 files_dontaudit_search_var(traceroute_t)
 
 libs_use_ld_so(traceroute_t)

refpolicy/policy/modules/admin/rpm.te

@@ -14,7 +14,7 @@ domain_wide_inherit_fd(rpm_t)
 role system_r types rpm_t;
 
 type rpm_file_t;
-files_file_type(rpm_file_t)
+files_type(rpm_file_t)
 
 type rpm_tmp_t;
 files_tmp_file(rpm_tmp_t)
@@ -26,7 +26,7 @@ type rpm_log_t;
 logging_log_file(rpm_log_t)
 
 type rpm_var_lib_t;
-files_file_type(rpm_var_lib_t)
+files_type(rpm_var_lib_t)
 typealias rpm_var_lib_t alias var_lib_rpm_t;
 
 type rpm_script_t; #, admin, privmem, priv_system_role;
@@ -138,7 +138,7 @@ domain_exec_all_entry_files(rpm_t)
 domain_read_all_domains_state(rpm_t)
 domain_use_wide_inherit_fd(rpm_t)
 
-files_exec_generic_etc_files(rpm_t)
+files_exec_etc_files(rpm_t)
 
 init_domtrans_script(rpm_t)
 
@@ -287,7 +287,7 @@ domain_exec_all_entry_files(rpm_script_t)
 domain_signal_all_domains(rpm_script_t)
 domain_signull_all_domains(rpm_script_t)
 
-files_exec_generic_etc_files(rpm_script_t)
+files_exec_etc_files(rpm_script_t)
 files_read_etc_runtime_files(rpm_script_t)
 
 init_domtrans_script(rpm_script_t)

refpolicy/policy/modules/admin/usermanage.te

@@ -7,7 +7,7 @@ policy_module(usermanage,1.0)
 #
 
 type admin_passwd_exec_t;
-files_file_type(admin_passwd_exec_t)
+files_type(admin_passwd_exec_t)
 
 type chfn_t;
 domain_obj_id_change_exempt(chfn_t)
@@ -24,7 +24,7 @@ type crack_exec_t;
 domain_entry_file(crack_t,crack_exec_t)
 
 type crack_db_t; #, usercanread;
-files_file_type(crack_db_t)
+files_type(crack_db_t)
 
 type crack_tmp_t;
 files_tmp_file(crack_tmp_t)
@@ -49,7 +49,7 @@ domain_type(sysadm_passwd_t)
 domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
 
 type sysadm_passwd_tmp_t;
-files_file_type(sysadm_passwd_tmp_t)
+files_type(sysadm_passwd_tmp_t)
 
 type useradd_t; # nscd_client_domain;
 type useradd_exec_t;
@@ -95,7 +95,7 @@ dev_read_urand(chfn_t)
 
 domain_use_wide_inherit_fd(chfn_t)
 
-files_manage_generic_etc_files(chfn_t)
+files_manage_etc_files(chfn_t)
 files_read_etc_runtime_files(chfn_t)
 files_dontaudit_search_var(chfn_t)
 
@@ -165,7 +165,7 @@ dev_read_urand(crack_t)
 
 fs_getattr_xattr_fs(crack_t)
 
-files_read_generic_etc_files(crack_t)
+files_read_etc_files(crack_t)
 files_read_etc_runtime_files(crack_t)
 # for dictionaries
 files_read_usr_files(crack_t)
@@ -228,7 +228,7 @@ init_dontaudit_write_script_pid(groupadd_t)
 
 domain_use_wide_inherit_fd(groupadd_t)
 
-files_manage_generic_etc_files(groupadd_t)
+files_manage_etc_files(groupadd_t)
 
 libs_use_ld_so(groupadd_t)
 libs_use_shared_libs(groupadd_t)
@@ -306,7 +306,7 @@ init_dontaudit_rw_script_pid(passwd_t)
 domain_use_wide_inherit_fd(passwd_t)
 
 files_read_etc_runtime_files(passwd_t)
-files_manage_generic_etc_files(passwd_t)
+files_manage_etc_files(passwd_t)
 files_search_var(passwd_t)
 
 libs_use_ld_so(passwd_t)
@@ -405,7 +405,7 @@ files_read_usr_files(sysadm_passwd_t)
 
 domain_use_wide_inherit_fd(sysadm_passwd_t)
 
-files_manage_generic_etc_files(sysadm_passwd_t)
+files_manage_etc_files(sysadm_passwd_t)
 files_read_etc_runtime_files(sysadm_passwd_t)
 
 # /usr/bin/passwd asks for w access to utmp, but it will operate
@@ -496,7 +496,7 @@ corecmd_exec_sbin(useradd_t)
 
 domain_use_wide_inherit_fd(useradd_t)
 
-files_manage_generic_etc_files(useradd_t)
+files_manage_etc_files(useradd_t)
 
 init_use_fd(useradd_t)
 init_rw_script_pid(useradd_t)

refpolicy/policy/modules/apps/gpg.if

@@ -44,7 +44,7 @@ template(`gpg_per_userdomain_template',`
 	files_tmp_file($1_gpg_agent_tmp_t)
 
 	type $1_gpg_secret_t; #, $1_file_type;
-	files_file_type($1_gpg_secret_t)
+	files_type($1_gpg_secret_t)
 
 	type $1_gpg_helper_t;
 	domain_type($1_gpg_helper_t)
@@ -95,7 +95,7 @@ template(`gpg_per_userdomain_template',`
 
 	fs_getattr_xattr_fs($1_gpg_t)
 
-	files_read_generic_etc_files($1_gpg_t)
+	files_read_etc_files($1_gpg_t)
 	files_read_usr_files($1_gpg_t)
 
 	libs_use_shared_libs($1_gpg_t)
@@ -210,7 +210,7 @@ template(`gpg_per_userdomain_template',`
 
 	dev_read_urand($1_gpg_helper_t)
 
-	files_read_generic_etc_files($1_gpg_helper_t)
+	files_read_etc_files($1_gpg_helper_t)
 	# for nscd
 	files_dontaudit_search_var($1_gpg_helper_t)
 
@@ -322,7 +322,7 @@ template(`gpg_per_userdomain_template',`
 
 	files_read_usr_files($1_gpg_pinentry_t)
 	# read /etc/X11/qtrc
-	files_read_generic_etc_files($1_gpg_pinentry_t)
+	files_read_etc_files($1_gpg_pinentry_t)
 
 	libs_use_ld_so($1_gpg_pinentry_t)
 	libs_use_shared_libs($1_gpg_pinentry_t)

refpolicy/policy/modules/apps/gpg.te

@@ -9,16 +9,16 @@ policy_module(gpg, 1.0)
 # Type for gpg or pgp executables.
 type gpg_exec_t;
 type gpg_helper_exec_t;
-files_file_type(gpg_exec_t)
-files_file_type(gpg_helper_exec_t)
+files_type(gpg_exec_t)
+files_type(gpg_helper_exec_t)
 
 # Type for the gpg-agent executable.
 type gpg_agent_exec_t;
-files_file_type(gpg_agent_exec_t)
+files_type(gpg_agent_exec_t)
 
 # type for the pinentry executable
 type pinentry_exec_t;
-files_file_type(pinentry_exec_t)
+files_type(pinentry_exec_t)
 
 #allow sysadm_gpg_t { home_root_t user_home_dir_t }:dir search;
 #allow sysadm_gpg_t ptyfile:chr_file rw_file_perms;

refpolicy/policy/modules/kernel/bootloader.if

@@ -59,7 +59,7 @@ interface(`bootloader_run',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`bootloader_search_boot_dir',`
+interface(`bootloader_search_boot',`
 	gen_require(`
 		type boot_t;
 		class dir search;
@@ -362,9 +362,9 @@ interface(`bootloader_manage_kernel_modules',`
 
 ########################################
 #
-# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
+# bootloader_create_modules(domain,privatetype,[class(es)])
 #
-interface(`bootloader_create_private_module_dir_entry',`
+interface(`bootloader_create_modules',`
 	gen_require(`
 		type modules_object_t;
 		class dir rw_dir_perms;

refpolicy/policy/modules/kernel/bootloader.te

@@ -12,7 +12,7 @@ attribute rw_kern_modules;
 # boot_t is the type for files in /boot
 #
 type boot_t;
-files_file_type(boot_t)
+files_type(boot_t)
 files_mountpoint(boot_t)
 
 #
@@ -21,7 +21,7 @@ files_mountpoint(boot_t)
 # only for Red Hat
 #
 type boot_runtime_t;
-files_file_type(boot_runtime_t)
+files_type(boot_runtime_t)
 
 type bootloader_t;
 domain_type(bootloader_t)
@@ -35,7 +35,7 @@ domain_entry_file(bootloader_t,bootloader_exec_t)
 # grub.conf, lilo.conf, etc.
 #
 type bootloader_etc_t alias etc_bootloader_t;
-files_file_type(bootloader_etc_t)
+files_type(bootloader_etc_t)
 
 #
 # The temp file is used for initrd creation;
@@ -47,7 +47,7 @@ dev_node(bootloader_tmp_t)
 
 # kernel modules
 type modules_object_t;
-files_file_type(modules_object_t)
+files_type(modules_object_t)
 
 neverallow ~rw_kern_modules modules_object_t:file { create append write };
 
@@ -55,7 +55,7 @@ neverallow ~rw_kern_modules modules_object_t:file { create append write };
 # system_map_t is for the system.map files in /boot
 #
 type system_map_t;
-files_file_type(system_map_t)
+files_type(system_map_t)
 
 ########################################
 #
@@ -122,11 +122,11 @@ libs_use_ld_so(bootloader_t)
 libs_use_shared_libs(bootloader_t)
 libs_read_lib(bootloader_t)
 
-files_read_generic_etc_files(bootloader_t)
+files_read_etc_files(bootloader_t)
 files_read_etc_runtime_files(bootloader_t)
-files_read_usr_src(bootloader_t)
+files_read_usr_src_files(bootloader_t)
 files_read_usr_files(bootloader_t)
-files_read_var_file(bootloader_t)
+files_read_var_files(bootloader_t)
 # for nscd
 files_dontaudit_search_pids(bootloader_t)
 
@@ -185,7 +185,7 @@ optional_policy(`lvm.te',`
 
 optional_policy(`modutils.te',`
 	modutils_exec_insmod(insmod_t)
-	modutils_read_kernel_module_dependencies(bootloader_t)
+	modutils_read_mods_deps(bootloader_t)
 	modutils_read_module_conf(bootloader_t)
 	modutils_exec_insmod(bootloader_t)
 	modutils_exec_depmod(bootloader_t)

refpolicy/policy/modules/kernel/devices.te

@@ -9,7 +9,7 @@ attribute memory_raw_write;
 # device_t is the type of /dev.
 #
 type device_t;
-files_file_type(device_t)
+files_type(device_t)
 files_mountpoint(device_t)
 fs_associate_tmpfs(device_t)
 

refpolicy/policy/modules/kernel/filesystem.te

@@ -62,7 +62,7 @@ genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)
 # tmpfs_t is the type for tmpfs filesystems
 #
 type tmpfs_t, filesystem_type;
-files_file_type(tmpfs_t)
+files_type(tmpfs_t)
 
 # Use a transition SID based on the allocating task SID and the
 # filesystem SID to label inodes in the following filesystem types,

refpolicy/policy/modules/kernel/storage.if

@@ -128,7 +128,7 @@ interface(`storage_raw_write_fixed_disk',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`storage_create_fixed_disk_dev_entry',`
+interface(`storage_create_fixed_disk',`
 	gen_require(`
 		attribute fixed_disk_raw_read, fixed_disk_raw_write;
 		type fixed_disk_device_t;

refpolicy/policy/modules/services/cron.if

@@ -25,7 +25,7 @@ template(`cron_per_userdomain_template',`
 
 	# Type of user crontabs once moved to cron spool.
 	type $1_cron_spool_t;
-	files_file_type($1_cron_spool_t)
+	files_type($1_cron_spool_t)
 
 	type $1_crond_t; # user_crond_domain;
 	domain_type($1_crond_t);
@@ -92,7 +92,7 @@ template(`cron_per_userdomain_template',`
 	domain_exec_all_entry_files($1_crond_t)
 
 	files_read_usr_files($1_crond_t)
-	files_exec_generic_etc_files($1_crond_t)
+	files_exec_etc_files($1_crond_t)
 	# for nscd:
 	files_dontaudit_search_pids($1_crond_t)
 
@@ -176,7 +176,7 @@ template(`cron_per_userdomain_template',`
 
 	domain_use_wide_inherit_fd($1_crontab_t)
 
-	files_read_generic_etc_files($1_crontab_t)
+	files_read_etc_files($1_crontab_t)
 
 	libs_use_ld_so($1_crontab_t)
 	libs_use_shared_libs($1_crontab_t)

refpolicy/policy/modules/services/cron.te

@@ -7,10 +7,10 @@ policy_module(cron, 1.0)
 #
 
 type anacron_exec_t;
-files_file_type(anacron_exec_t)
+files_type(anacron_exec_t)
 
 type cron_spool_t;
-files_file_type(cron_spool_t)
+files_type(cron_spool_t)
 
 type crond_t; #, privmail, nscd_client_domain
 type crond_exec_t;
@@ -27,7 +27,7 @@ type crond_var_run_t;
 files_pid_file(crond_var_run_t)
 
 type crontab_exec_t;
-files_file_type(crontab_exec_t)
+files_type(crontab_exec_t)
 
 type system_cron_spool_t;
 type system_crond_t; #, privmail, nscd_client_domain;
@@ -99,8 +99,8 @@ corecmd_list_sbin(crond_t)
 
 domain_use_wide_inherit_fd(crond_t)
 
-files_read_generic_etc_files(crond_t)
-files_read_spools(crond_t)
+files_read_etc_files(crond_t)
+files_read_generic_spools(crond_t)
 
 init_use_fd(crond_t)
 init_use_script_pty(crond_t)
@@ -112,7 +112,7 @@ logging_send_syslog_msg(crond_t)
 
 seutil_read_config(crond_t)
 seutil_read_default_contexts(crond_t)
-seutil_newrole_sigchld(crond_t)
+seutil_sigchld_newrole(crond_t)
 
 miscfiles_read_localization(crond_t)
 
@@ -206,7 +206,7 @@ allow system_crond_t crond_t:process sigchld;
 
 # Write /var/lock/makewhatis.lock.
 allow system_crond_t system_crond_lock_t:file create_file_perms;
-files_create_lock_file(system_crond_t,system_crond_lock_t)
+files_create_lock(system_crond_t,system_crond_lock_t)
 
 # write temporary files
 allow system_crond_t system_crond_tmp_t:file create_file_perms;
@@ -254,18 +254,18 @@ corecmd_exec_sbin(system_crond_t)
 
 domain_exec_all_entry_files(system_crond_t)
 
-files_exec_generic_etc_files(system_crond_t)
-files_read_generic_etc_files(system_crond_t)
+files_exec_etc_files(system_crond_t)
+files_read_etc_files(system_crond_t)
 files_read_etc_runtime_files(system_crond_t)
 files_list_all_dirs(system_crond_t)
 files_getattr_all_files(system_crond_t)
 files_read_usr_files(system_crond_t)
-files_read_var_file(system_crond_t)
+files_read_var_files(system_crond_t)
 # for nscd:
 files_dontaudit_search_pids(system_crond_t)
 # Access other spool directories like
 # /var/spool/anacron and /var/spool/slrnpull.
-files_manage_spools(system_crond_t)
+files_manage_generic_spools(system_crond_t)
 
 init_use_fd(system_crond_t)
 init_use_script_fd(system_crond_t)

refpolicy/policy/modules/services/inetd.te

@@ -94,7 +94,7 @@ corecmd_read_sbin_symlink(inetd_t)
 
 domain_use_wide_inherit_fd(inetd_t)
 
-files_read_generic_etc_files(inetd_t)
+files_read_etc_files(inetd_t)
 
 init_use_fd(inetd_t)
 init_use_script_pty(inetd_t)
@@ -121,7 +121,7 @@ optional_policy(`mount.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(inetd_t)
+	seutil_sigchld_newrole(inetd_t)
 ')
 
 optional_policy(`udev.te', `
@@ -199,7 +199,7 @@ dev_read_urand(inetd_child_t)
 
 fs_getattr_xattr_fs(inetd_child_t)
 
-files_read_generic_etc_files(inetd_child_t)
+files_read_etc_files(inetd_child_t)
 
 libs_use_ld_so(inetd_child_t)
 libs_use_shared_libs(inetd_child_t)

refpolicy/policy/modules/services/mta.if

@@ -54,7 +54,7 @@ template(`mta_per_userdomain_template',`
 
 	corecmd_exec_bin($1_mail_t)
 
-	files_read_generic_etc_files($1_mail_t)
+	files_read_etc_files($1_mail_t)
 
 	logging_send_syslog_msg($1_mail_t)
 

refpolicy/policy/modules/services/mta.te

@@ -7,21 +7,21 @@ policy_module(mta,1.0)
 #
 
 type etc_aliases_t;
-files_file_type(etc_aliases_t)
+files_type(etc_aliases_t)
 
 type etc_mail_t;
-files_file_type(etc_mail_t)
+files_type(etc_mail_t)
 
 attribute mailserver_domain;
 
 type mqueue_spool_t;
-files_file_type(mqueue_spool_t)
+files_type(mqueue_spool_t)
 
 type mail_spool_t;
-files_file_type(mail_spool_t)
+files_type(mail_spool_t)
 
 type sendmail_exec_t;
-files_file_type(sendmail_exec_t)
+files_type(sendmail_exec_t)
 
 type system_mail_t; #, user_mail_domain, nscd_client_domain;
 domain_type(system_mail_t)
@@ -67,7 +67,7 @@ fs_getattr_xattr_fs(system_mail_t)
 init_use_script_pty(system_mail_t)
 
 files_read_etc_runtime_files(system_mail_t)
-files_read_generic_etc_files(system_mail_t)
+files_read_etc_files(system_mail_t)
 # It wants to check for nscd
 files_dontaudit_search_pids(system_mail_t)
 
@@ -146,7 +146,7 @@ ifdef(`targeted_policy', `
 
 ifdef(`postfix.te', `', `
 domain_exec_all_entry_files(system_mail_t)
-files_exec_generic_etc_files(system_mail_t)
+files_exec_etc_files(system_mail_t)
 corecmd_exec_bin(system_mail_t)
 corecmd_exec_sbin(system_mail_t)
 libs_use_ld_so(system_mail_t)

refpolicy/policy/modules/services/nis.te

@@ -7,7 +7,7 @@ policy_module(nis,1.0)
 #
 
 type var_yp_t;
-files_file_type(var_yp_t)
+files_type(var_yp_t)
 
 type ypbind_t;
 type ypbind_exec_t;
@@ -24,7 +24,7 @@ type ypserv_exec_t;
 init_daemon_domain(ypserv_t,ypserv_exec_t)
 
 type ypserv_conf_t;
-files_file_type(ypserv_conf_t)
+files_type(ypserv_conf_t)
 
 type ypserv_tmp_t;
 files_tmp_file(ypserv_tmp_t)
@@ -83,7 +83,7 @@ term_dontaudit_use_console(ypbind_t)
 
 domain_use_wide_inherit_fd(ypbind_t)
 
-files_read_generic_etc_files(ypbind_t)
+files_read_etc_files(ypbind_t)
 
 init_use_fd(ypbind_t)
 init_use_script_pty(ypbind_t)
@@ -111,7 +111,7 @@ optional_policy(`mount.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(ypbind_t)
+	seutil_sigchld_newrole(ypbind_t)
 ')
 
 optional_policy(`udev.te', `
@@ -200,7 +200,7 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(ypserv_t)
+	seutil_sigchld_newrole(ypserv_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/services/remotelogin.te

@@ -65,7 +65,7 @@ auth_manage_pam_console_data(remote_login_t)
 
 domain_read_all_entry_files(remote_login_t)
 
-files_read_generic_etc_files(remote_login_t)
+files_read_etc_files(remote_login_t)
 files_read_etc_runtime_files(remote_login_t)
 files_list_home(remote_login_t)
 files_read_usr_files(remote_login_t)

refpolicy/policy/modules/services/sendmail.te

@@ -63,7 +63,7 @@ term_dontaudit_use_console(sendmail_t)
 
 domain_use_wide_inherit_fd(sendmail_t)
 
-files_read_generic_etc_files(sendmail_t)
+files_read_etc_files(sendmail_t)
 files_search_spool(sendmail_t)
 
 init_use_fd(sendmail_t)
@@ -100,7 +100,7 @@ optional_policy(`nis.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(sendmail_t)
+	seutil_sigchld_newrole(sendmail_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/services/ssh.if

@@ -28,7 +28,7 @@ template(`ssh_per_userdomain_template',`
 	#
 
 	type $1_home_ssh_t; #, $1_file_type;
-	files_file_type($1_home_ssh_t)
+	files_type($1_home_ssh_t)
 	role $1_r types $1_ssh_t;
 
 	type $1_ssh_t; #, nscd_client_domain;
@@ -109,7 +109,7 @@ template(`ssh_per_userdomain_template',`
 	files_list_home($1_ssh_t)
 	files_read_usr_files($1_ssh_t)
 	files_read_etc_runtime_files($1_ssh_t)
-	files_read_generic_etc_files($1_ssh_t)
+	files_read_etc_files($1_ssh_t)
 
 	libs_use_ld_so($1_ssh_t)
 	libs_use_shared_libs($1_ssh_t)
@@ -248,7 +248,7 @@ template(`ssh_per_userdomain_template',`
 
 	domain_use_wide_inherit_fd($1_ssh_agent_t)
 
-	files_read_generic_etc_files($1_ssh_agent_t)
+	files_read_etc_files($1_ssh_agent_t)
 	files_read_etc_runtime_files($1_ssh_agent_t)
 
 	libs_read_lib($1_ssh_agent_t)
@@ -343,11 +343,11 @@ template(`ssh_per_userdomain_template',`
 ##	</p>
 ## </desc>
 ## <param name="userdomain_prefix">
-##	The prefix of the user domain (e.g., user
-##	is the prefix for user_t).
+##	The prefix of the server domain (e.g., sshd
+##	is the prefix for sshd_t).
 ## </param>
 #
-template(`sshd_program_domain', `
+template(`ssh_server_template', `
 	type $1_t, ssh_server; #, nscd_client_domain;
 	role system_r types $1_t;
 
@@ -413,7 +413,7 @@ template(`sshd_program_domain', `
 	domain_role_change_exempt($1_t)
 	domain_obj_id_change_exempt($1_t)
 
-	files_read_generic_etc_files($1_t)
+	files_read_etc_files($1_t)
 	files_read_etc_runtime_files($1_t)
 
 	init_rw_script_pid($1_t)

refpolicy/policy/modules/services/ssh.te

@@ -10,18 +10,18 @@ attribute ssh_server;
 
 # Type for the ssh-agent executable.
 type ssh_agent_exec_t;
-files_file_type(ssh_agent_exec_t)
+files_type(ssh_agent_exec_t)
 
 # ssh client executable.
 type ssh_exec_t;
-files_file_type(ssh_exec_t)
+files_type(ssh_exec_t)
 
 type ssh_keygen_t;
 type ssh_keygen_exec_t;
 init_daemon_domain(ssh_keygen_t,ssh_keygen_exec_t)
 role system_r types ssh_keygen_t;
 
-sshd_program_domain(sshd)
+ssh_server_template(sshd)
 
 optional_policy(`inetd.te',`
 # CJP: commenting this out until typeattribute works in a conditional
@@ -37,12 +37,12 @@ optional_policy(`inetd.te',`
 ')
 
 type sshd_exec_t;
-files_file_type(sshd_exec_t)
+files_type(sshd_exec_t)
 
-sshd_program_domain(sshd_extern)
+ssh_server_template(sshd_extern)
 
 type sshd_key_t;
-files_file_type(sshd_key_t)
+files_type(sshd_key_t)
 
 type sshd_tmp_t;
 files_tmp_file(sshd_tmp_t)
@@ -191,7 +191,7 @@ term_dontaudit_use_console(ssh_keygen_t)
 
 domain_use_wide_inherit_fd(ssh_keygen_t)
 
-files_read_generic_etc_files(ssh_keygen_t)
+files_read_etc_files(ssh_keygen_t)
 
 init_use_fd(ssh_keygen_t)
 init_use_script_pty(ssh_keygen_t)
@@ -222,7 +222,7 @@ optional_policy(`rhgb.te', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(ssh_keygen_t)
+	seutil_sigchld_newrole(ssh_keygen_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/system/authlogin.if

@@ -57,7 +57,7 @@ template(`authlogin_per_userdomain_template',`
 	libs_use_ld_so($1_chkpwd_t)
 	libs_use_shared_libs($1_chkpwd_t)
 
-	files_read_generic_etc_files($1_chkpwd_t)
+	files_read_etc_files($1_chkpwd_t)
 	# for nscd
 	files_dontaudit_search_var($1_chkpwd_t)
 

refpolicy/policy/modules/system/authlogin.te

@@ -11,7 +11,7 @@ attribute can_write_shadow_passwords;
 attribute can_relabelto_shadow_passwords;
 
 type chkpwd_exec_t;
-files_file_type(chkpwd_exec_t)
+files_type(chkpwd_exec_t)
 
 type faillog_t;
 logging_log_file(faillog_t)
@@ -20,7 +20,7 @@ type lastlog_t;
 logging_log_file(lastlog_t)
 
 type login_exec_t;
-files_file_type(login_exec_t)
+files_type(login_exec_t)
 
 type pam_console_t;
 type pam_console_exec_t;
@@ -40,13 +40,13 @@ type pam_tmp_t;
 files_tmp_file(pam_tmp_t)
 
 type pam_var_console_t; #, nscd_client_domain
-files_file_type(pam_var_console_t)
+files_type(pam_var_console_t)
 
 type pam_var_run_t;
 files_pid_file(pam_var_run_t)
 
 type shadow_t;
-files_file_type(shadow_t)
+files_type(shadow_t)
 neverallow ~can_read_shadow_passwords shadow_t:file read;
 neverallow ~can_write_shadow_passwords shadow_t:file { create write };
 neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
@@ -100,7 +100,7 @@ term_use_all_user_ptys(pam_t)
 
 init_dontaudit_rw_script_pid(pam_t)
 
-files_read_generic_etc_files(pam_t)
+files_read_etc_files(pam_t)
 files_list_pids(pam_t)
 
 libs_use_ld_so(pam_t)
@@ -172,7 +172,7 @@ term_setattr_unallocated_ttys(pam_console_t)
 
 domain_use_wide_inherit_fd(pam_console_t)
 
-files_read_generic_etc_files(pam_console_t)
+files_read_etc_files(pam_console_t)
 files_search_pids(pam_console_t)
 files_list_mnt(pam_console_t)
 
@@ -204,7 +204,7 @@ optional_policy(`hotplug.te', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(pam_console_t)
+	seutil_sigchld_newrole(pam_console_t)
 ')
 
 optional_policy(`udev.te', `
@@ -244,7 +244,7 @@ fs_dontaudit_getattr_xattr_fs(system_chkpwd_t)
 
 term_use_unallocated_tty(system_chkpwd_t)
 
-files_read_generic_etc_files(system_chkpwd_t)
+files_read_etc_files(system_chkpwd_t)
 # for nscd
 files_dontaudit_search_var(system_chkpwd_t)
 
@@ -297,7 +297,7 @@ term_dontaudit_use_ptmx(utempter_t)
 
 init_rw_script_pid(utempter_t)
 
-files_read_generic_etc_files(utempter_t)
+files_read_etc_files(utempter_t)
 
 domain_use_wide_inherit_fd(utempter_t)
 

refpolicy/policy/modules/system/clock.te

@@ -7,7 +7,7 @@ policy_module(clock,1.0)
 #
 
 type adjtime_t;
-files_file_type(adjtime_t)
+files_type(adjtime_t)
 
 type hwclock_t;
 type hwclock_exec_t;
@@ -65,7 +65,7 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(hwclock_t)
+	seutil_sigchld_newrole(hwclock_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/system/corecommands.te

@@ -5,25 +5,25 @@ policy_module(corecommands,1.0)
 # bin_t is the type of files in the system bin directories.
 #
 type bin_t;
-files_file_type(bin_t)
+files_type(bin_t)
 
 #
 # sbin_t is the type of files in the system sbin directories.
 #
 type sbin_t;
-files_file_type(sbin_t)
+files_type(sbin_t)
 
 #
 # ls_exec_t is the type of the ls program.
 #
 type ls_exec_t;
-files_file_type(ls_exec_t)
+files_type(ls_exec_t)
 
 #
 # shell_exec_t is the type of user shells such as /bin/bash.
 #
 type shell_exec_t;
-files_file_type(shell_exec_t)
+files_type(shell_exec_t)
 
 type chroot_exec_t;
-files_file_type(chroot_exec_t)
+files_type(chroot_exec_t)

refpolicy/policy/modules/system/domain.if

@@ -61,7 +61,7 @@ interface(`domain_entry_file',`
 		class file entrypoint;
 	')
 
-	files_file_type($2)
+	files_type($2)
 	allow $1 $2:file entrypoint;
 	typeattribute $2 entry_type;
 ')

refpolicy/policy/modules/system/files.if

@@ -17,9 +17,9 @@
 
 ########################################
 #
-# files_file_type(type)
+# files_type(type)
 #
-interface(`files_file_type',`
+interface(`files_type',`
 	gen_require(`
 		attribute file_type;
 	')
@@ -38,7 +38,7 @@ interface(`files_lock_file',`
 		attribute lockfile;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	typeattribute $1 lockfile;
 ')
 
@@ -51,7 +51,7 @@ interface(`files_mountpoint',`
 		attribute mountpoint;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	typeattribute $1 mountpoint;
 ')
 
@@ -64,7 +64,7 @@ interface(`files_pid_file',`
 		attribute pidfile;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	typeattribute $1 pidfile;
 ')
 
@@ -77,7 +77,7 @@ interface(`files_tmp_file',`
 		attribute tmpfile;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	typeattribute $1 tmpfile;
 ')
 
@@ -95,7 +95,7 @@ interface(`files_tmpfs_file',`
 		attribute tmpfsfile;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	fs_associate_tmpfs($1)
 	typeattribute $1 tmpfsfile;
 ')
@@ -439,9 +439,9 @@ interface(`files_list_etc',`
 
 ########################################
 #
-# files_read_generic_etc_files(domain)
+# files_read_etc_files(domain)
 #
-interface(`files_read_generic_etc_files',`
+interface(`files_read_etc_files',`
 	gen_require(`
 		type etc_t;
 		class dir r_dir_perms;
@@ -456,9 +456,9 @@ interface(`files_read_generic_etc_files',`
 
 ########################################
 #
-# files_rw_generic_etc_files(domain)
+# files_rw_etc_files(domain)
 #
-interface(`files_rw_generic_etc_files',`
+interface(`files_rw_etc_files',`
 	gen_require(`
 		type etc_t;
 		class dir r_dir_perms;
@@ -473,9 +473,9 @@ interface(`files_rw_generic_etc_files',`
 
 ########################################
 #
-# files_manage_generic_etc_files(domain)
+# files_manage_etc_files(domain)
 #
-interface(`files_manage_generic_etc_files',`
+interface(`files_manage_etc_files',`
 	gen_require(`
 		type etc_t;
 		class dir rw_dir_perms;
@@ -496,7 +496,7 @@ interface(`files_manage_generic_etc_files',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_delete_generic_etc_files',`
+interface(`files_delete_etc_files',`
 	gen_require(`
 		type etc_t;
 		class dir rw_dir_perms;
@@ -509,9 +509,9 @@ interface(`files_delete_generic_etc_files',`
 
 ########################################
 #
-# files_exec_generic_etc_files(domain)
+# files_exec_etc_files(domain)
 #
-interface(`files_exec_generic_etc_files',`
+interface(`files_exec_etc_files',`
 	gen_require(`
 		type etc_t;
 		class dir r_dir_perms;
@@ -591,7 +591,6 @@ interface(`files_create_etc_config',`
 	')
 ')
 
-
 ########################################
 ## <summary>
 ##	Do not audit attempts to search directories on new filesystems
@@ -908,9 +907,9 @@ interface(`files_exec_usr_files',`
 
 ########################################
 #
-# files_read_usr_src(domain)
+# files_read_usr_src_files(domain)
 #
-interface(`files_read_usr_src',`
+interface(`files_read_usr_src_files',`
 	gen_require(`
 		type usr_t, src_t;
 		class dir r_dir_perms;
@@ -957,7 +956,7 @@ interface(`files_dontaudit_search_var',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`files_read_var_file',`
+interface(`files_read_var_files',`
 	gen_require(`
 		type var_t;
 		class dir search;
@@ -1003,9 +1002,9 @@ interface(`files_manage_urandom_seed',`
 
 ########################################
 #
-# files_getattr_generic_lock_files(domain)
+# files_getattr_generic_locks(domain)
 #
-interface(`files_getattr_generic_lock_files',`
+interface(`files_getattr_generic_locks',`
 	gen_require(`
 		type var_lock_t;
 		class dir r_dir_perms;
@@ -1018,9 +1017,9 @@ interface(`files_getattr_generic_lock_files',`
 
 ########################################
 #
-# files_manage_generic_lock_files(domain)
+# files_manage_generic_locks(domain)
 #
-interface(`files_manage_generic_lock_files',`
+interface(`files_manage_generic_locks',`
 	gen_require(`
 		type var_lock_t;
 		class dir { getattr search create read write setattr add_name remove_name rmdir };
@@ -1033,9 +1032,9 @@ interface(`files_manage_generic_lock_files',`
 
 ########################################
 #
-# files_delete_all_lock_files(domain)
+# files_delete_all_locks(domain)
 #
-interface(`files_delete_all_lock_files',`
+interface(`files_delete_all_locks',`
 	gen_require(`
 		attribute lockfile;
 		class dir rw_dir_perms;
@@ -1048,9 +1047,9 @@ interface(`files_delete_all_lock_files',`
 
 ########################################
 #
-# files_create_lock_file(domain,private_type,[object class(es)])
+# files_create_lock(domain,private_type,[object class(es)])
 #
-interface(`files_create_lock_file',`
+interface(`files_create_lock',`
 	gen_require(`
 		type var_t, var_lock_t;
 		class dir rw_dir_perms;
@@ -1246,9 +1245,9 @@ interface(`files_list_spool',`
 
 ########################################
 #
-# files_manage_spool_dirs(domain)
+# files_manage_generic_spool_dirs(domain)
 #
-interface(`files_manage_spool_dirs',`
+interface(`files_manage_generic_spool_dirs',`
 	gen_require(`
 		type var_t, var_spool_t;
 		class dir create_dir_perms;
@@ -1260,9 +1259,9 @@ interface(`files_manage_spool_dirs',`
 
 ########################################
 #
-# files_read_spools(domain)
+# files_read_generic_spools(domain)
 #
-interface(`files_read_spools',`
+interface(`files_read_generic_spools',`
 	gen_require(`
 		type var_t, var_spool_t;
 		class dir r_dir_perms;
@@ -1276,9 +1275,9 @@ interface(`files_read_spools',`
 
 ########################################
 #
-# files_manage_spools(domain)
+# files_manage_generic_spools(domain)
 #
-interface(`files_manage_spools',`
+interface(`files_manage_generic_spools',`
 	gen_require(`
 		type var_t, var_spool_t;
 		class dir rw_dir_perms;

refpolicy/policy/modules/system/fstools.te

@@ -14,7 +14,7 @@ type fsadm_tmp_t;
 files_tmp_file(fsadm_tmp_t)
 
 type swapfile_t;
-files_file_type(swapfile_t)
+files_type(swapfile_t)
 
 ########################################
 
@@ -73,7 +73,7 @@ domain_use_wide_inherit_fd(fsadm_t)
 
 files_list_home(fsadm_t)
 files_read_usr_files(fsadm_t)
-files_read_generic_etc_files(fsadm_t)
+files_read_etc_files(fsadm_t)
 files_list_mnt(fsadm_t)
 files_manage_lost_found(fsadm_t)
 # Write to /etc/mtab.

refpolicy/policy/modules/system/getty.te

@@ -59,9 +59,9 @@ auth_rw_login_records(getty_t)
 corecmd_search_bin(getty_t)
 
 files_rw_generic_pids(getty_t)
-files_manage_generic_lock_files(getty_t)
+files_manage_generic_locks(getty_t)
 files_read_etc_runtime_files(getty_t)
-files_read_generic_etc_files(getty_t)
+files_read_etc_files(getty_t)
 
 init_rw_script_pid(getty_t)
 init_use_script_pty(getty_t)

refpolicy/policy/modules/system/hostname.te

@@ -41,7 +41,7 @@ init_use_script_pty(hostname_t)
 
 domain_use_wide_inherit_fd(hostname_t)
 
-files_read_generic_etc_files(hostname_t)
+files_read_etc_files(hostname_t)
 files_dontaudit_search_var(hostname_t)
 # for when /usr is not mounted:
 files_dontaudit_search_isid_type_dir(hostname_t)
@@ -81,7 +81,7 @@ optional_policy(`hotplug.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(hostname_t)
+	seutil_sigchld_newrole(hostname_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/system/hotplug.te

@@ -12,7 +12,7 @@ kernel_userland_entry(hotplug_t,hotplug_exec_t)
 init_system_domain(hotplug_t,hotplug_exec_t)
 
 type hotplug_etc_t; #, usercanread;
-files_file_type(hotplug_etc_t)
+files_type(hotplug_etc_t)
 
 type hotplug_var_run_t;
 files_pid_file(hotplug_var_run_t)
@@ -78,9 +78,9 @@ corecmd_exec_sbin(hotplug_t)
 
 domain_use_wide_inherit_fd(hotplug_t)
 
-files_read_generic_etc_files(hotplug_t)
+files_read_etc_files(hotplug_t)
 files_manage_etc_runtime_files(hotplug_t)
-files_exec_generic_etc_files(hotplug_t)
+files_exec_etc_files(hotplug_t)
 # for when filesystems are not mounted early in the boot:
 files_dontaudit_search_isid_type_dir(hotplug_t)
 
@@ -102,7 +102,7 @@ libs_use_shared_libs(hotplug_t)
 libs_read_lib(hotplug_t)
 
 modutils_domtrans_insmod(hotplug_t)
-modutils_read_kernel_module_dependencies(hotplug_t)
+modutils_read_mods_deps(hotplug_t)
 
 miscfiles_read_localization(hotplug_t)
 
@@ -118,7 +118,7 @@ ifdef(`distro_redhat', `
 		netutils_domtrans(hotplug_t)
 		fs_use_tmpfs_character_devices(hotplug_t)
 	')
-	files_getattr_generic_lock_files(hotplug_t)
+	files_getattr_generic_locks(hotplug_t)
 ')
 
 ifdef(`targeted_policy', `
@@ -152,7 +152,7 @@ optional_policy(`nis.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(hotplug_t)
+	seutil_sigchld_newrole(hotplug_t)
 ')
 
 optional_policy(`sysnetwork.te',`

refpolicy/policy/modules/system/init.te

@@ -32,7 +32,7 @@ files_pid_file(init_var_run_t)
 # to communicate with init.
 #
 type initctl_t;
-files_file_type(initctl_t)
+files_type(initctl_t)
 
 type initrc_t;
 domain_type(initrc_t)
@@ -50,7 +50,7 @@ type initrc_var_run_t;
 files_pid_file(initrc_var_run_t)
 
 type initrc_state_t;
-files_file_type(initrc_state_t)
+files_type(initrc_state_t)
 
 type initrc_tmp_t;
 files_tmp_file(initrc_tmp_t)
@@ -108,12 +108,12 @@ domain_sigstop_all_domains(init_t)
 domain_sigstop_all_domains(init_t)
 domain_sigchld_all_domains(init_t)
 
-files_read_generic_etc_files(init_t)
+files_read_etc_files(init_t)
 files_rw_generic_pids(init_t)
 files_dontaudit_search_isid_type_dir(init_t)
 files_manage_etc_runtime_files(init_t)
 # Run /etc/X11/prefdm:
-files_exec_generic_etc_files(init_t)
+files_exec_etc_files(init_t)
 # file descriptors inherited from the rootfs:
 files_dontaudit_rw_root_file(init_t)
 files_dontaudit_rw_root_chr_dev(init_t)
@@ -260,16 +260,16 @@ domain_dontaudit_getattr_all_unnamed_pipes(initrc_t)
 
 files_getattr_all_files(initrc_t)
 files_delete_all_tmp_files(initrc_t)
-files_delete_all_lock_files(initrc_t)
+files_delete_all_locks(initrc_t)
 files_read_all_pids(initrc_t)
 files_delete_all_pids(initrc_t)
-files_read_generic_etc_files(initrc_t)
+files_read_etc_files(initrc_t)
 files_manage_etc_runtime_files(initrc_t)
-files_manage_generic_lock_files(initrc_t)
-files_exec_generic_etc_files(initrc_t)
+files_manage_generic_locks(initrc_t)
+files_exec_etc_files(initrc_t)
 files_read_usr_files(initrc_t)
 files_manage_urandom_seed(initrc_t)
-files_manage_spools(initrc_t)
+files_manage_generic_spools(initrc_t)
 
 libs_rw_ld_so_cache(initrc_t)
 libs_use_ld_so(initrc_t)
@@ -340,7 +340,7 @@ optional_policy(`hotplug.te',`
 	# init scripts run /etc/hotplug/usb.rc
 	hotplug_read_config(initrc_t)
 
-	modutils_read_kernel_module_dependencies(initrc_t)
+	modutils_read_mods_deps(initrc_t)
 ')
 
 optional_policy(`lvm.te',`

refpolicy/policy/modules/system/iptables.te

@@ -52,7 +52,7 @@ term_dontaudit_use_console(iptables_t)
 
 domain_use_wide_inherit_fd(iptables_t)
 
-files_read_generic_etc_files(iptables_t)
+files_read_etc_files(iptables_t)
 
 init_use_fd(iptables_t)
 init_use_script_pty(iptables_t)
@@ -103,7 +103,7 @@ optional_policy(`nis.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(iptables_t)
+	seutil_sigchld_newrole(iptables_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/system/libraries.te

@@ -10,33 +10,33 @@ policy_module(libraries,1.0)
 # ld_so_cache_t is the type of /etc/ld.so.cache.
 #
 type ld_so_cache_t;
-files_file_type(ld_so_cache_t)
+files_type(ld_so_cache_t)
 
 #
 # ld_so_t is the type of the system dynamic loaders.
 #
 type ld_so_t;
-files_file_type(ld_so_t)
+files_type(ld_so_t)
 
 #
 # lib_t is the type of files in the system lib directories.
 #
 type lib_t;
-files_file_type(lib_t)
+files_type(lib_t)
 
 #
 # shlib_t is the type of shared objects in the system lib
 # directories.
 #
 type shlib_t;
-files_file_type(shlib_t)
+files_type(shlib_t)
 
 #
 # texrel_shlib_t is the type of shared objects in the system lib
 # directories, which require text relocation.
 #
 type texrel_shlib_t;
-files_file_type(texrel_shlib_t)
+files_type(texrel_shlib_t)
 
 ########################################
 #
@@ -65,9 +65,9 @@ fs_getattr_xattr_fs(ldconfig_t)
 domain_use_wide_inherit_fd(ldconfig_t)
 
 files_search_var_lib(ldconfig_t)
-files_read_generic_etc_files(ldconfig_t)
+files_read_etc_files(ldconfig_t)
 # for when /etc/ld.so.cache is mislabeled:
-files_delete_generic_etc_files(ldconfig_t)
+files_delete_etc_files(ldconfig_t)
 
 init_use_script_pty(ldconfig_t)
 

refpolicy/policy/modules/system/locallogin.te

@@ -16,7 +16,7 @@ domain_wide_inherit_fd(local_login_t)
 role system_r types local_login_t;
 
 type local_login_tmp_t;
-files_file_type(local_login_tmp_t)
+files_type(local_login_tmp_t)
 
 type sulogin_t;
 type sulogin_exec_t;
@@ -102,10 +102,10 @@ auth_manage_pam_console_data(local_login_t)
 
 domain_read_all_entry_files(local_login_t)
 
-files_read_generic_etc_files(local_login_t)
+files_read_etc_files(local_login_t)
 files_read_etc_runtime_files(local_login_t)
 files_read_usr_files(local_login_t)
-files_manage_generic_lock_files(var_lock_t)
+files_manage_generic_locks(var_lock_t)
 
 init_rw_script_pid(local_login_t)
 init_dontaudit_use_fd(local_login_t)
@@ -223,7 +223,7 @@ kernel_read_system_state(sulogin_t)
 
 fs_search_auto_mountpoints(sulogin_t)
 
-files_read_generic_etc_files(sulogin_t)
+files_read_etc_files(sulogin_t)
 # because file systems are not mounted:
 files_dontaudit_search_isid_type_dir(sulogin_t)
 

refpolicy/policy/modules/system/logging.if

@@ -9,7 +9,7 @@ interface(`logging_log_file',`
 		attribute logfile;
 	')
 
-	files_file_type($1)
+	files_type($1)
 	typeattribute $1 logfile;
 ')
 
@@ -143,10 +143,16 @@ interface(`logging_read_all_logs',`
 	allow $1 logfile:file r_file_perms;
 ')
 
-#######################################
-#
-# logging_exec_all_logs(domain)
+########################################
+## <summary>
+##	Execute all log files in the caller domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
 #
+# cjp: not sure why this is needed.  This was added
+# because of logrotate.
 interface(`logging_exec_all_logs',`
 	gen_require(`
 		attribute logfile;

refpolicy/policy/modules/system/logging.te

@@ -19,7 +19,7 @@ type auditd_var_run_t;
 files_pid_file(auditd_var_run_t)
 
 type devlog_t;
-files_file_type(devlog_t)
+files_type(devlog_t)
 
 type klogd_t;
 type klogd_exec_t;
@@ -42,7 +42,7 @@ type syslogd_var_run_t;
 files_pid_file(syslogd_var_run_t)
 
 type var_log_t, logfile;
-files_file_type(var_log_t)
+files_type(var_log_t)
 
 ########################################
 #
@@ -72,7 +72,7 @@ init_use_script_pty(auditd_t)
 
 domain_use_wide_inherit_fd(auditd_t)
 
-files_read_generic_etc_files(auditd_t)
+files_read_etc_files(auditd_t)
 
 logging_send_syslog_msg(auditd_t)
 
@@ -90,7 +90,7 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(auditd_t)
+	seutil_sigchld_newrole(auditd_t)
 ')
 
 optional_policy(`udev.te', `
@@ -139,7 +139,7 @@ fs_getattr_all_fs(klogd_t)
 files_create_pid(klogd_t,klogd_var_run_t)
 files_read_etc_runtime_files(klogd_t)
 # read /etc/nsswitch.conf
-files_read_generic_etc_files(klogd_t)
+files_read_etc_files(klogd_t)
 
 init_use_fd(klogd_t)
 
@@ -219,7 +219,7 @@ init_use_script_pty(syslogd_t)
 
 domain_use_wide_inherit_fd(syslogd_t)
 
-files_read_generic_etc_files(syslogd_t)
+files_read_etc_files(syslogd_t)
 
 libs_use_ld_so(syslogd_t)
 libs_use_shared_libs(syslogd_t)
@@ -262,7 +262,7 @@ optional_policy(`nis.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(syslogd_t)
+	seutil_sigchld_newrole(syslogd_t)
 ')
 
 optional_policy(`udev.te', `

refpolicy/policy/modules/system/lvm.te

@@ -15,13 +15,13 @@ domain_obj_id_change_exempt(lvm_t)
 role system_r types lvm_t;
 
 type lvm_etc_t;
-files_file_type(lvm_etc_t)
+files_type(lvm_etc_t)
 
 type lvm_lock_t;
 files_lock_file(lvm_lock_t)
 
 type lvm_metadata_t;
-files_file_type(lvm_metadata_t)
+files_type(lvm_metadata_t)
 
 type lvm_tmp_t;
 files_tmp_file(lvm_tmp_t)
@@ -57,7 +57,7 @@ can_exec(lvm_t, lvm_exec_t)
 # Creating lock files
 allow lvm_t lvm_lock_t:dir rw_dir_perms;
 allow lvm_t lvm_lock_t:file create_file_perms;
-files_create_lock_file(lvm_t,lvm_lock_t)
+files_create_lock(lvm_t,lvm_lock_t)
 
 allow lvm_t lvm_etc_t:file r_file_perms;
 allow lvm_t lvm_etc_t:lnk_file r_file_perms;
@@ -111,7 +111,7 @@ storage_relabel_fixed_disk(lvm_t)
 # depending on its version
 # LVM(2) needs to create directores (/dev/mapper, /dev/<vg>)
 # and links from /dev/<vg> to /dev/mapper/<vg>-<lv>
-storage_create_fixed_disk_dev_entry(lvm_t)
+storage_create_fixed_disk(lvm_t)
 # Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
 storage_manage_fixed_disk(lvm_t)
 
@@ -123,7 +123,7 @@ corecmd_dontaudit_getattr_sbin_file(lvm_t)
 domain_use_wide_inherit_fd(lvm_t)
 
 files_search_var(lvm_t)
-files_read_generic_etc_files(lvm_t)
+files_read_etc_files(lvm_t)
 files_read_etc_runtime_files(lvm_t)
 # for when /usr is not mounted:
 files_dontaudit_search_isid_type_dir(lvm_t)
@@ -141,7 +141,7 @@ miscfiles_read_localization(lvm_t)
 
 seutil_read_config(lvm_t)
 seutil_read_file_contexts(lvm_t)
-seutil_newrole_sigchld(lvm_t)
+seutil_sigchld_newrole(lvm_t)
 
 ifdef(`distro_redhat',`
 	# this is from the initrd:

refpolicy/policy/modules/system/miscfiles.te

@@ -5,41 +5,41 @@ policy_module(miscfiles,1.0)
 # catman_t is the type for /var/catman.
 #
 type catman_t; # , tmpfile;
-files_file_type(catman_t)
+files_type(catman_t)
 
 #
 # cert_t is the type of files in the system certs directories.
 #
 type cert_t;
-files_file_type(cert_t)
+files_type(cert_t)
 
 #
 # fonts_t is the type of various font
 # files in /usr
 #
 type fonts_t;
-files_file_type(fonts_t)
+files_type(fonts_t)
 
 #
 # locale_t is the type for system localization
 #
 type locale_t;
-files_file_type(locale_t)
+files_type(locale_t)
 
 #
 # man_t is the type for the man directories.
 #
 type man_t;
-files_file_type(man_t)
+files_type(man_t)
 
 #
 # Base type for the tests directory.
 #
 type test_file_t;
-files_file_type(test_file_t)
+files_type(test_file_t)
 
 #
 # for /var/{spool,lib}/texmf index files
 #
 type tetex_data_t; # , tmpfile;
-files_file_type(tetex_data_t)
+files_type(tetex_data_t)

refpolicy/policy/modules/system/modutils.if

@@ -8,7 +8,7 @@
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`modutils_read_kernel_module_dependencies',`
+interface(`modutils_read_mods_deps',`
 	gen_require(`
 		type modules_dep_t;
 		class file r_file_perms;
@@ -36,7 +36,7 @@ interface(`modutils_read_module_conf',`
 	# This file type can be in /etc or
 	# /lib(64)?/modules
 	files_search_etc($1)
-	bootloader_search_boot_dir($1)
+	bootloader_search_boot($1)
 
 	allow $1 modules_conf_t:file r_file_perms;
 ')

refpolicy/policy/modules/system/modutils.te

@@ -8,11 +8,11 @@ policy_module(modutils,1.0)
 
 # module loading config
 type modules_conf_t;
-files_file_type(modules_conf_t)
+files_type(modules_conf_t)
 
 # module dependencies
 type modules_dep_t;
-files_file_type(modules_dep_t)
+files_type(modules_dep_t)
 
 type insmod_t;
 type insmod_exec_t;
@@ -78,9 +78,9 @@ domain_signal_all_domains(insmod_t)
 domain_use_wide_inherit_fd(insmod_t)
 
 files_read_etc_runtime_files(insmod_t)
-files_read_generic_etc_files(insmod_t)
+files_read_etc_files(insmod_t)
 files_read_usr_files(insmod_t)
-files_exec_generic_etc_files(insmod_t)
+files_exec_etc_files(insmod_t)
 # for nscd:
 files_dontaudit_search_pids(insmod_t)
 # for when /var is not mounted early in the boot:
@@ -127,7 +127,7 @@ can_exec(depmod_t, depmod_exec_t)
 allow depmod_t modules_conf_t:file r_file_perms;
 
 allow depmod_t modules_dep_t:file create_file_perms;
-bootloader_create_private_module_dir_entry(depmod_t,modules_dep_t)
+bootloader_create_modules(depmod_t,modules_dep_t)
 
 kernel_read_system_state(depmod_t)
 
@@ -148,8 +148,8 @@ init_use_script_fd(depmod_t)
 init_use_script_pty(depmod_t)
 
 files_read_etc_runtime_files(depmod_t)
-files_read_generic_etc_files(depmod_t)
-files_read_usr_src(depmod_t)
+files_read_etc_files(depmod_t)
+files_read_usr_src_files(depmod_t)
 
 libs_use_ld_so(depmod_t)
 libs_use_shared_libs(depmod_t)
@@ -177,7 +177,7 @@ can_exec(update_modules_t, update_modules_exec_t)
 
 # manage module loading configuration
 allow update_modules_t modules_conf_t:file create_file_perms;
-bootloader_create_private_module_dir_entry(update_modules_t,modules_conf_t)
+bootloader_create_modules(update_modules_t,modules_conf_t)
 files_create_etc_config(update_modules_t,modules_conf_t)
 
 # transition to depmod
@@ -203,8 +203,8 @@ init_use_script_pty(depmod_t)
 domain_use_wide_inherit_fd(depmod_t)
 
 files_read_etc_runtime_files(update_modules_t)
-files_read_generic_etc_files(update_modules_t)
-files_exec_generic_etc_files(update_modules_t)
+files_read_etc_files(update_modules_t)
+files_exec_etc_files(update_modules_t)
 
 corecmd_exec_bin(update_modules_t)
 corecmd_exec_sbin(update_modules_t)

refpolicy/policy/modules/system/mount.te

@@ -55,7 +55,7 @@ corecmd_exec_bin(mount_t)
 domain_use_wide_inherit_fd(mount_t)
 
 files_search_all_dirs(mount_t)
-files_read_generic_etc_files(mount_t)
+files_read_etc_files(mount_t)
 files_manage_etc_runtime_files(mount_t)
 files_mounton_all_mountpoints(mount_t)
 files_unmount_rootfs(mount_t)

refpolicy/policy/modules/system/selinuxutil.if

@@ -224,7 +224,7 @@ interface(`seutil_exec_newrole',`
 ##	The type of the process performing this action.
 ## </param>
 #
-interface(`seutil_dontaudit_newrole_signal',`
+interface(`seutil_dontaudit_signal_newrole',`
 	gen_require(`
 		type newrole_t;
 		class process signal;
@@ -235,9 +235,9 @@ interface(`seutil_dontaudit_newrole_signal',`
 
 #######################################
 #
-# seutil_newrole_sigchld(domain)
+# seutil_sigchld_newrole(domain)
 #
-interface(`seutil_newrole_sigchld',`
+interface(`seutil_sigchld_newrole',`
 	gen_require(`
 		type newrole_t;
 		class process sigchld;

refpolicy/policy/modules/system/selinuxutil.te

@@ -21,14 +21,14 @@ domain_entry_file(checkpolicy_t,checkpolicy_exec_t)
 # /etc/selinux/*/contexts/*
 #
 type default_context_t;
-files_file_type(default_context_t) 
+files_type(default_context_t) 
 
 #
 # file_context_t is the type applied to
 # /etc/selinux/*/contexts/files
 #
 type file_context_t;
-files_file_type(file_context_t)
+files_type(file_context_t)
 
 type load_policy_t;
 domain_type(load_policy_t)
@@ -51,7 +51,7 @@ domain_entry_file(newrole_t,newrole_exec_t)
 # the security server policy configuration.
 #
 type policy_config_t;
-files_file_type(policy_config_t)
+files_type(policy_config_t)
 
 neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
 neverallow ~can_write_binary_policy policy_config_t:file { write append };
@@ -61,7 +61,7 @@ neverallow ~can_write_binary_policy policy_config_t:file { write append };
 # files.
 #
 type policy_src_t;
-files_file_type(policy_src_t)
+files_type(policy_src_t)
 
 type restorecon_t, can_relabelto_binary_policy;
 type restorecon_exec_t;
@@ -80,7 +80,7 @@ domain_entry_file(run_init_t,run_init_exec_t)
 # /etc/selinux/config
 #
 type selinux_config_t;
-files_file_type(selinux_config_t)
+files_type(selinux_config_t)
 
 type setfiles_t, can_relabelto_binary_policy;
 domain_obj_id_change_exempt(setfiles_t)
@@ -216,7 +216,7 @@ domain_use_wide_inherit_fd(newrole_t)
 # Write to utmp.
 init_rw_script_pid(newrole_t)
 
-files_read_generic_etc_files(newrole_t)
+files_read_etc_files(newrole_t)
 
 libs_use_ld_so(newrole_t)
 libs_use_shared_libs(newrole_t)
@@ -284,7 +284,7 @@ init_use_script_pty(restorecon_t)
 domain_use_wide_inherit_fd(restorecon_t)
 
 files_read_etc_runtime_files(restorecon_t)
-files_read_generic_etc_files(restorecon_t)
+files_read_etc_files(restorecon_t)
 
 libs_use_ld_so(restorecon_t)
 libs_use_shared_libs(restorecon_t)
@@ -362,7 +362,7 @@ ifdef(`targeted_policy',`',`
 
 	domain_use_wide_inherit_fd(run_init_t)
 
-	files_read_generic_etc_files(run_init_t)
+	files_read_etc_files(run_init_t)
 	files_dontaudit_search_all_dirs(run_init_t)
 
 	init_domtrans_script(run_init_t)
@@ -427,7 +427,7 @@ libs_use_ld_so(setfiles_t)
 libs_use_shared_libs(setfiles_t)
 
 files_read_etc_runtime_files(setfiles_t)
-files_read_generic_etc_files(setfiles_t)
+files_read_etc_files(setfiles_t)
 
 logging_send_syslog_msg(setfiles_t)
 

refpolicy/policy/modules/system/sysnetwork.te

@@ -9,11 +9,11 @@ policy_module(sysnetwork,1.0)
 # this is shared between dhcpc and dhcpd:
 type dhcp_etc_t; #, usercanread; 
 typealias dhcp_etc_t alias { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
-files_file_type(dhcp_etc_t)
+files_type(dhcp_etc_t)
 
 # this is shared between dhcpc and dhcpd:
 type dhcp_state_t;
-files_file_type(dhcp_state_t)
+files_type(dhcp_state_t)
 
 type dhcpc_t;
 type dhcpc_exec_t;
@@ -21,7 +21,7 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t)
 role system_r types dhcpc_t;
 
 type dhcpc_state_t;
-files_file_type(dhcpc_state_t)
+files_type(dhcpc_state_t)
 
 type dhcpc_tmp_t;
 files_tmp_file(dhcpc_tmp_t)
@@ -35,7 +35,7 @@ init_system_domain(ifconfig_t, ifconfig_exec_t)
 role system_r types ifconfig_t;
 
 type net_conf_t alias resolv_conf_t;
-files_file_type(net_conf_t)
+files_type(net_conf_t)
 
 ########################################
 #
@@ -118,7 +118,7 @@ corecmd_exec_shell(dhcpc_t)
 
 domain_use_wide_inherit_fd(dhcpc_t)
 
-files_read_generic_etc_files(dhcpc_t)
+files_read_etc_files(dhcpc_t)
 files_read_etc_runtime_files(dhcpc_t)
 
 init_use_fd(dhcpc_t)
@@ -135,7 +135,7 @@ miscfiles_read_localization(dhcpc_t)
 modutils_domtrans_insmod(dhcpc_t)
 
 ifdef(`distro_redhat', `
-	files_exec_generic_etc_files(dhcpc_t)
+	files_exec_etc_files(dhcpc_t)
 ')
 
 ifdef(`targeted_policy', `
@@ -171,7 +171,7 @@ optional_policy(`ntpd.te',`
 ')
 
 optional_policy(`selinux.te',`
-	seutil_newrole_sigchld(dhcpc_t)
+	seutil_sigchld_newrole(dhcpc_t)
 ')
 
 optional_policy(`udev.te',`
@@ -257,7 +257,7 @@ allow ifconfig_t self:udp_socket create_socket_perms;
 # for /sbin/ip
 allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
 allow ifconfig_t self:tcp_socket { create ioctl };
-files_read_generic_etc_files(ifconfig_t);
+files_read_etc_files(ifconfig_t);
 
 kernel_use_fd(ifconfig_t)
 kernel_read_system_state(ifconfig_t)

refpolicy/policy/modules/system/udev.te

@@ -16,15 +16,15 @@ domain_wide_inherit_fd(udev_t)
 init_daemon_domain(udev_t,udev_exec_t)
 
 type udev_etc_t alias etc_udev_t;
-files_file_type(udev_etc_t)
+files_type(udev_etc_t)
 
 # udev_runtime_t is the type of the udev table file
 # cjp: this is probably a copy of udev_tbl_t and can be removed
 type udev_runtime_t;
-files_file_type(udev_runtime_t)
+files_type(udev_runtime_t)
 
 type udev_tbl_t alias udev_tdb_t;
-files_file_type(udev_tbl_t)
+files_type(udev_tbl_t)
 
 type udev_var_run_t;
 files_pid_file(udev_var_run_t)
@@ -91,8 +91,8 @@ domain_exec_all_entry_files(udev_t)
 domain_dontaudit_list_all_domains_proc(udev_t)
 
 files_read_etc_runtime_files(udev_t)
-files_read_generic_etc_files(udev_t)
-files_exec_generic_etc_files(udev_t)
+files_read_etc_files(udev_t)
+files_exec_etc_files(udev_t)
 files_dontaudit_search_isid_type_dir(udev_t)
 
 init_use_fd(udev_t)

refpolicy/policy/modules/system/userdomain.if

@@ -1,12 +1,28 @@
 ## <summary>Policy for user domains</summary>
 
-########################################
+#######################################
+## <summary>
+##	The template containing rules common to unprivileged
+##	users and administrative users.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+##	<p>
+##	This generally should not be used, rather the
+##	unpriv_user_template or admin_user_template should
+##	be used.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
 #
-# Base user domain template
-#
-# This is common to user and admin domain
-
-template(`base_user_domain',`
+template(`base_user_template',`
 
 	attribute $1_file_type;
 
@@ -22,11 +38,11 @@ template(`base_user_domain',`
 
 	# type for contents of home directory
 	type $1_home_t, $1_file_type, home_type;
-	files_file_type($1_home_t)
+	files_type($1_home_t)
 
 	# type of home directory
 	type $1_home_dir_t, home_dir_type, home_type;
-	files_file_type($1_home_t)
+	files_type($1_home_t)
 
 	type $1_tmp_t, $1_file_type;
 	files_tmp_file($1_tmp_t)
@@ -154,8 +170,8 @@ template(`base_user_domain',`
 	domain_exec_all_entry_files($1_t)
 	domain_use_wide_inherit_fd($1_t)
 
-	files_exec_generic_etc_files($1_t)
-	files_read_usr_src($1_t)
+	files_exec_etc_files($1_t)
+	files_read_usr_src_files($1_t)
 
 	# Caused by su - init scripts
 	init_dontaudit_use_script_pty($1_t)
@@ -392,19 +408,30 @@ template(`base_user_domain',`
 
 ')dnl end base_user_domain macro
 
-########################################
+#######################################
+## <summary>
+##	The template for creating a unprivileged user.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
 #
-# User domain template
-#
-
-template(`user_domain_template', `
+template(`unpriv_user_template', `
 	##############################
 	#
 	# Declarations
 	#
 
 	# Inherit rules for ordinary users.
-	base_user_domain($1)
+	base_user_template($1)
 
 	typeattribute $1_t unpriv_userdomain; #, web_client_domain, nscd_client_domain;
 	domain_wide_inherit_fd($1_t)
@@ -455,7 +482,7 @@ template(`user_domain_template', `
 	# port access is audited even if dac would not have allowed it, so dontaudit it here
 	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
 
-	files_read_generic_etc_files($1_t)
+	files_read_etc_files($1_t)
 	files_list_home($1_t)
 	files_read_usr_files($1_t)
 
@@ -494,7 +521,7 @@ template(`user_domain_template', `
 
 	optional_policy(`selinux.te',`
 		# for when the network connection is killed
-		seutil_dontaudit_newrole_signal($1_t)
+		seutil_dontaudit_signal_newrole($1_t)
 	')
 
 	# Need the following rule to allow users to run vpnc
@@ -594,18 +621,44 @@ template(`user_domain_template', `
 	') dnl end TODO
 ')
 
-########################################
+#######################################
+## <summary>
+##	The template for creating an administrative user.
+## </summary>
+## <desc>
+##	<p>
+##	This template creates a user domain, types, and
+##	rules for the user's tty, pty, home directories,
+##	tmp, and tmpfs files.
+##	</p>
+## </desc>
+## <secdesc>
+##	The privileges given to administrative users are:
+##	<ul>
+##		<li>Raw disk access</li>
+##		<li>Set all sysctls</li>
+##		<li>All kernel ring buffer controls</li>
+##		<li>Set SELinux enforcement mode (enforcing/permissive)</li>
+##		<li>Set SELinux booleans</li>
+##		<li>Relabel all files but shadow</li>
+##		<li>Create, read, write, and delete all files but shadow</li>
+##		<li>Manage source and binary format SELinux policy</li>
+##		<li>Run insmod</li>
+##	</ul>
+## </secdesc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., sysadm
+##	is the prefix for sysadm_t).
+## </param>
 #
-# Admin domain template
-#
-template(`admin_domain_template',`
+template(`admin_user_template',`
 	##############################
 	#
 	# Declarations
 	#
 
 	# Inherit rules for ordinary users.
-	base_user_domain($1)
+	base_user_template($1)
 
 	typeattribute $1_t privhome; #, admin, web_client_domain, nscd_client_domain;
 	domain_obj_id_change_exempt($1_t)
@@ -658,6 +711,14 @@ template(`admin_domain_template',`
 	kernel_read_ring_buffer($1_t)
 	kernel_get_sysvipc_info($1_t)
 	kernel_rw_all_sysctl($1_t)
+
+	# signal unlabeled processes:
+	kernel_kill_unlabeled($1_t)
+	kernel_signal_unlabeled($1_t)
+	kernel_sigstop_unlabeled($1_t)
+	kernel_signull_unlabeled($1_t)
+	kernel_sigchld_unlabeled($1_t)
+
 	selinux_set_enforce_mode($1_t)
 	selinux_set_boolean($1_t)
 	selinux_set_parameters($1_t)
@@ -668,12 +729,6 @@ template(`admin_domain_template',`
 	selinux_compute_create_context($1_t)
 	selinux_compute_relabel_context($1_t)
 	selinux_compute_user_contexts($1_t)
-	# signal unlabeled processes:
-	kernel_kill_unlabeled($1_t)
-	kernel_signal_unlabeled($1_t)
-	kernel_sigstop_unlabeled($1_t)
-	kernel_signull_unlabeled($1_t)
-	kernel_sigchld_unlabeled($1_t)
 
 	corenet_tcp_bind_generic_port($1_t)
 

refpolicy/policy/modules/system/userdomain.te

@@ -29,9 +29,9 @@ attribute userdomain;
 # unprivileged user domains
 attribute unpriv_userdomain;
 
-admin_domain_template(sysadm)
-user_domain_template(staff)
-user_domain_template(user)
+admin_user_template(sysadm)
+unpriv_user_template(staff)
+unpriv_user_template(user)
 
 ########################################
 #