remove remaining _depend macros to prep for switchover to interface declaration macro

2005-06-22 16:07:14 +00:00 · 2005-06-22 16:07:14 +00:00 · cbc9d6951a
commit cbc9d6951a
parent 0404a3903a
8 changed files with 1240 additions and 2030 deletions
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@ -12,7 +12,12 @@
 ## </interface>
 #
 define(`bootloader_domtrans',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type bootloader_t;
+		class process sigchld;
+		class fd use;
+		class fifo_file rw_file_perms;
+	')

 	domain_auto_trans($1, bootloader_exec_t, bootloader_t)

@ -22,15 +27,6 @@ define(`bootloader_domtrans',`
 	allow bootloader_t $1:process sigchld;
 ')

-define(`bootloader_domtrans_depend',`
-	type bootloader_t;
-
-	class file { getattr read execute };
-	class process { transition noatsecure siginh rlimitinh sigchld };
-	class fd use;
-	class fifo_file rw_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_run">
 ##	<description>
@ -49,7 +45,10 @@ define(`bootloader_domtrans_depend',`
 ## </interface>
 #
 define(`bootloader_run',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type bootloader_t;
+		class chr_file rw_file_perms;
+	')

 	bootloader_domtrans($1)

@ -57,11 +56,6 @@ define(`bootloader_run',`
 	allow bootloader_t $3:chr_file rw_file_perms;
 ')

-define(`bootloader_run_depend',`
-	type bootloader_t;
-	class chr_file rw_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_search_boot_dir">
 ##	<description>
@ -73,17 +67,14 @@ define(`bootloader_run_depend',`
 ## </interface>
 #
 define(`bootloader_search_boot_dir',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t;
+		class dir search;
+	')

 	allow $1 boot_t:dir search;
 ')

-define(`bootloader_search_boot_dir_depend',`
-	type boot_t;
-
-	class dir search;
-')
-
 ########################################
 ## <interface name="bootloader_dontaudit_search_boot">
 ##	<description>
@ -95,17 +86,14 @@ define(`bootloader_search_boot_dir_depend',`
 ## </interface>
 #
 define(`bootloader_dontaudit_search_boot',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t;
+		class dir search;
+	')

 	dontaudit $1 boot_t:dir search;
 ')

-define(`bootloader_dontaudit_search_boot_depend',`
-	type boot_t;
-
-	class dir search;
-')
-
 ########################################
 ## <interface name="bootloader_rw_boot_symlinks">
 ##	<description>
@ -118,19 +106,16 @@ define(`bootloader_dontaudit_search_boot_depend',`
 ## </interface>
 #
 define(`bootloader_rw_boot_symlinks',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t;
+		class dir r_dir_perms;
+		class lnk_file rw_file_perms;
+	')

 	allow $1 boot_t:dir r_dir_perms;
 	allow $1 boot_t:lnk_file rw_file_perms;
 ')

-define(`bootloader_rw_boot_symlinks_depend',`
-	type boot_t;
-
-	class dir r_dir_perms;
-	class lnk_file rw_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_create_kernel">
 ##	<description>
@ -142,21 +127,18 @@ define(`bootloader_rw_boot_symlinks_depend',`
 ## </interface>
 #
 define(`bootloader_create_kernel',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t;
+		class dir ra_dir_perms;
+		class file { getattr read write create };
+		class lnk_file { getattr read create unlink };
+	')

 	allow $1 boot_t:dir ra_dir_perms;
 	allow $1 boot_t:file { getattr read write create };
 	allow $1 boot_t:lnk_file { getattr read create unlink };
 ')

-define(`bootloader_create_kernel_depend',`
-	type boot_t;
-
-	class dir ra_dir_perms;
-	class file { getattr read write create };
-	class lnk_file { getattr read create unlink };
-')
-
 ########################################
 ## <interface name="bootloader_create_kernel_symbol_table">
 ##	<description>
@ -168,19 +150,16 @@ define(`bootloader_create_kernel_depend',`
 ## </interface>
 #
 define(`bootloader_create_kernel_symbol_table',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t, system_map_t;
+		class dir ra_dir_perms;
+		class file { rw_file_perms create };
+	')

 	allow $1 boot_t:dir ra_dir_perms;
 	allow $1 system_map_t:file { rw_file_perms create };
 ')

-define(`bootloader_create_kernel_symbol_table_depend',`
-	type boot_t, system_map_t;
-
-	class dir ra_dir_perms;
-	class file { rw_file_perms create };
-')
-
 ########################################
 ## <interface name="bootloader_read_kernel_symbol_table">
 ##	<description>
@ -192,19 +171,16 @@ define(`bootloader_create_kernel_symbol_table_depend',`
 ## </interface>
 #
 define(`bootloader_read_kernel_symbol_table',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t, system_map_t;
+		class dir r_dir_perms;
+		class file r_file_perms;
+	')

 	allow $1 boot_t:dir r_dir_perms;
 	allow $1 system_map_t:file r_file_perms;
 ')

-define(`bootloader_read_kernel_symbol_table_depend',`
-	type boot_t, system_map_t;
-
-	class dir r_dir_perms;
-	class file r_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_delete_kernel">
 ##	<description>
@ -216,19 +192,16 @@ define(`bootloader_read_kernel_symbol_table_depend',`
 ## </interface>
 #
 define(`bootloader_delete_kernel',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t;
+		class dir { r_dir_perms write remove_name };
+		class file { getattr unlink };
+	')

 	allow $1 boot_t:dir { r_dir_perms write remove_name };
 	allow $1 boot_t:file { getattr unlink };
 ')

-define(`bootloader_delete_kernel_depend',`
-	type boot_t;
-
-	class dir { r_dir_perms write remove_name };
-	class file { getattr unlink };
-')
-
 ########################################
 ## <interface name="bootloader_delete_kernel_symbol_table">
 ##	<description>
@ -240,19 +213,16 @@ define(`bootloader_delete_kernel_depend',`
 ## </interface>
 #
 define(`bootloader_delete_kernel_symbol_table',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t, system_map_t;
+		class dir { r_dir_perms write remove_name };
+		class file { getattr unlink };
+	')

 	allow $1 boot_t:dir { r_dir_perms write remove_name };
 	allow $1 system_map_t:file { getattr unlink };
 ')

-define(`bootloader_delete_kernel_symbol_table_depend',`
-	type boot_t, system_map_t;
-
-	class dir { r_dir_perms write remove_name };
-	class file { getattr unlink };
-')
-
 ########################################
 ## <interface name="bootloader_read_config">
 ##	<description>
@ -264,17 +234,14 @@ define(`bootloader_delete_kernel_symbol_table_depend',`
 ## </interface>
 #
 define(`bootloader_read_config',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type bootloader_etc_t;
+		class file r_file_perms;
+	')

 	allow $1 bootloader_etc_t:file r_file_perms;
 ')

-define(`bootloader_read_config_depend',`
-	type bootloader_etc_t;
-
-	class file r_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_rw_config">
 ##	<description>
@ -287,17 +254,14 @@ define(`bootloader_read_config_depend',`
 ## </interface>
 #
 define(`bootloader_rw_config',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type bootloader_etc_t;
+		class file rw_file_perms;
+	')

 	allow $1 bootloader_etc_t:file rw_file_perms;
 ')

-define(`bootloader_rw_config_depend',`
-	type bootloader_etc_t;
-
-	class file rw_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_rw_tmp_file">
 ##	<description>
@ -310,18 +274,15 @@ define(`bootloader_rw_config_depend',`
 ## </interface>
 #
 define(`bootloader_rw_tmp_file',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type bootloader_tmp_t;
+		class file rw_file_perms;
+	')

-	# FIXME: read tmp_t
+	# FIXME: read tmp_t dir
 	allow $1 bootloader_tmp_t:file rw_file_perms;
 ')

-define(`bootloader_rw_tmp_file_depend',`
-	type bootloader_tmp_t;
-
-	class file rw_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_create_runtime_file">
 ##	<description>
@ -334,20 +295,17 @@ define(`bootloader_rw_tmp_file_depend',`
 ## </interface>
 #
 define(`bootloader_create_runtime_file',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type boot_t, boot_runtime_t;
+		class dir rw_dir_perms;
+		class file { rw_file_perms create unlink };
+	')

 	allow $1 boot_t:dir rw_dir_perms;
 	allow $1 boot_runtime_t:file { rw_file_perms create unlink };
 	type_transition $1 boot_t:file boot_runtime_t;
 ')

-define(`bootloader_create_runtime_file_depend',`
-	type boot_t, boot_runtime_t;
-
-	class dir rw_dir_perms;
-	class file { rw_file_perms create unlink };
-')
-
 ########################################
 ## <interface name="bootloader_list_kernel_modules">
 ##	<description>
@ -359,17 +317,14 @@ define(`bootloader_create_runtime_file_depend',`
 ## </interface>
 #
 define(`bootloader_list_kernel_modules',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type modules_object_t;
+		class dir r_dir_perms;
+	')

 	allow $1 modules_object_t:dir r_dir_perms;
 ')

-define(`bootloader_list_kernel_modules_depend',`
-	type modules_object_t;
-
-	class dir r_dir_perms;
-')
-
 ########################################
 ## <interface name="bootloader_read_kernel_modules">
 ##	<description>
@ -381,21 +336,18 @@ define(`bootloader_list_kernel_modules_depend',`
 ## </interface>
 #
 define(`bootloader_read_kernel_modules',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type modules_object_t;
+		class dir r_dir_perms;
+		class lnk_file r_file_perms;
+		class file r_file_perms;
+	')

 	allow $1 modules_object_t:dir r_dir_perms;
 	allow $1 modules_object_t:lnk_file r_file_perms;
 	allow $1 modules_object_t:file r_file_perms;
 ')

-define(`bootloader_read_kernel_modules_depend',`
-	type modules_object_t;
-
-	class dir r_dir_perms;
-	class lnk_file r_file_perms;
-	class file r_file_perms;
-')
-
 ########################################
 ## <interface name="bootloader_write_kernel_modules">
 ##	<description>
@ -407,7 +359,12 @@ define(`bootloader_read_kernel_modules_depend',`
 ## </interface>
 #
 define(`bootloader_write_kernel_modules',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		attribute rw_kern_modules;
+		type modules_object_t;
+		class dir r_dir_perms;
+		class file { write append };
+	')

 	allow $1 modules_object_t:dir r_dir_perms;
 	allow $1 modules_object_t:file { write append };
@ -415,15 +372,6 @@ define(`bootloader_write_kernel_modules',`
 	typeattribute $1 rw_kern_modules;
 ')

-define(`bootloader_write_kernel_modules_depend',`
-	attribute rw_kern_modules;
-
-	type modules_object_t;
-
-	class dir r_dir_perms;
-	class file { write append };
-')
-
 ########################################
 ## <interface name="bootloader_manage_kernel_modules">
 ##	<description>
@ -436,7 +384,12 @@ define(`bootloader_write_kernel_modules_depend',`
 ## </interface>
 #
 define(`bootloader_manage_kernel_modules',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		attribute rw_kern_modules;
+		type modules_object_t;
+		class file { getattr create read write setattr unlink };
+		class dir rw_dir_perms;
+	')

 	allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
 	allow $1 modules_object_t:dir rw_dir_perms;
@ -444,23 +397,17 @@ define(`bootloader_manage_kernel_modules',`
 	typeattribute $1 rw_kern_modules;
 ')

-define(`bootloader_manage_kernel_modules_depend',`
-	attribute rw_kern_modules;
-
-	type modules_object_t;
-
-	class file { getattr create read write setattr unlink };
-	class dir rw_dir_perms;
-')
-
 ########################################
 #
 # bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
 #
 define(`bootloader_create_private_module_dir_entry',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type modules_object_t;
+		class dir rw_dir_perms;
+	')

-	allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
+	allow $1 modules_object_t:dir rw_dir_perms;

 	# if a class is specified use it, else use file as default
 	ifelse(`$3',`',`
@ -470,10 +417,4 @@ define(`bootloader_create_private_module_dir_entry',`
 	')
 ')

-define(`bootloader_create_private_module_dir_entry_depend',`
-	type modules_object_t;
-
-	class dir { getattr search read write add_name remove_name };
-')
-
 ## </module>
--- a/refpolicy/policy/modules/kernel/devices.if
+++ b/refpolicy/policy/modules/kernel/devices.if
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
--- a/refpolicy/policy/modules/kernel/selinux.if
+++ b/refpolicy/policy/modules/kernel/selinux.if
@ -31,19 +31,16 @@ define(`selinux_get_fs_mount',`
 ## </interface>
 #
 define(`selinux_get_enforce_mode',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read };
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read };
 ')

-define(`selinux_get_enforce_mode_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read };
-')
-
 ########################################
 ## <interface name="selinux_set_enforce_mode">
 ##	<description>
@ -56,7 +53,13 @@ define(`selinux_get_enforce_mode_depend',`
 ## </interface>
 #
 define(`selinux_set_enforce_mode',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		attribute can_setenforce;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security setenforce;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
@ -65,16 +68,6 @@ define(`selinux_set_enforce_mode',`
 	typeattribute $1 can_setenforce;
 ')

-define(`selinux_set_enforce_mode_depend',`
-	type security_t;
-
-	attribute can_setenforce;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security setenforce;
-')
-
 ########################################
 ## <interface name="selinux_load_policy">
 ##	<description>
@ -86,7 +79,13 @@ define(`selinux_set_enforce_mode_depend',`
 ## </interface>
 #
 define(`selinux_load_policy',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		attribute can_load_policy;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security load_policy;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
@ -95,16 +94,6 @@ define(`selinux_load_policy',`
 	typeattribute $1 can_load_policy;
 ')

-define(`selinux_load_policy_depend',`
-	type security_t;
-
-	attribute can_load_policy;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security load_policy;
-')
-
 ########################################
 ## <interface name="selinux_set_boolean">
 ##	<description>
@ -120,7 +109,12 @@ define(`selinux_load_policy_depend',`
 ## </interface>
 #
 define(`selinux_set_boolean',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security setbool;
+	')

 	ifelse(`$2',`',`
 		allow $1 security_t:dir { getattr search read };
@ -135,14 +129,6 @@ define(`selinux_set_boolean',`
 	auditallow $1 security_t:security setbool;
 ')

-define(`selinux_set_boolean_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security setbool;
-')
-
 ########################################
 ## <interface name="selinux_set_parameters">
 ##	<description>
@ -154,7 +140,13 @@ define(`selinux_set_boolean_depend',`
 ## </interface>
 #
 define(`selinux_set_parameters',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		attribute can_setsecparam;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security setsecparam;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
@ -163,16 +155,6 @@ define(`selinux_set_parameters',`
 	typeattribute $1 can_setsecparam;
 ')

-define(`selinux_set_parameters_depend',`
-	type security_t;
-
-	attribute can_setsecparam;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security setsecparam;
-')
-
 ########################################
 ## <interface name="selinux_validate_context">
 ##	<description>
@ -184,21 +166,18 @@ define(`selinux_set_parameters_depend',`
 ## </interface>
 #
 define(`selinux_validate_context',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security check_context;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
 	allow $1 security_t:security check_context;
 ')

-define(`selinux_validate_context_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security check_context;
-')
-
 ########################################
 ## <interface name="selinux_compute_access_vector">
 ##	<description>
@ -210,21 +189,18 @@ define(`selinux_validate_context_depend',`
 ## </interface>
 #
 define(`selinux_compute_access_vector',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security compute_av;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
 	allow $1 security_t:security compute_av;
 ')

-define(`selinux_compute_access_vector_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security compute_av;
-')
-
 ########################################
 ## <interface name="selinux_compute_create_context">
 ##	<description>
@ -236,21 +212,18 @@ define(`selinux_compute_access_vector_depend',`
 ## </interface>
 #
 define(`selinux_compute_create_context',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security compute_create;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
 	allow $1 security_t:security compute_create;
 ')

-define(`selinux_compute_create_context_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security compute_create;
-')
-
 ########################################
 ## <interface name="selinux_compute_relabel_context">
 ##	<description>
@ -262,21 +235,18 @@ define(`selinux_compute_create_context_depend',`
 ## </interface>
 #
 define(`selinux_compute_relabel_context',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security compute_relabel;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
 	allow $1 security_t:security compute_relabel;
 ')

-define(`selinux_compute_relabel_context_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security compute_relabel;
-')
-
 ########################################
 ## <interface name="selinux_compute_user_contexts">
 ##	<description>
@ -288,19 +258,16 @@ define(`selinux_compute_relabel_context_depend',`
 ## </interface>
 #
 define(`selinux_compute_user_contexts',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type security_t;
+		class dir { read search getattr };
+		class file { getattr read write };
+		class security compute_user;
+	')

 	allow $1 security_t:dir { read search getattr };
 	allow $1 security_t:file { getattr read write };
 	allow $1 security_t:security compute_user;
 ')

-define(`selinux_compute_user_contexts_depend',`
-	type security_t;
-
-	class dir { read search getattr };
-	class file { getattr read write };
-	class security compute_user;
-')
-
 ## </module>
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@ -8,7 +8,17 @@
 # authlogin_per_userdomain_template(userdomain_prefix)
 #
 define(`authlogin_per_userdomain_template',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		attribute can_read_shadow_passwords;
+		type chkpwd_exec_t, system_chkpwd_t, shadow_t;
+		class file rx_file_perms;
+		class process { getattr transition sigchld };
+		class capability setuid;
+		class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown }; 
+		class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
+		class fd use;
+		class fifo_file rw_file_perms;
+	')

 	type $1_chkpwd_t, can_read_shadow_passwords; # , nscd_client_domain;
 	domain_type($1_chkpwd_t)
@ -78,20 +88,6 @@ define(`authlogin_per_userdomain_template',`

 ') dnl end authlogin_per_userdomain_template

-define(`authlogin_per_userdomain_template_depend',`
-	attribute can_read_shadow_passwords;
-
-	type chkpwd_exec_t, system_chkpwd_t, shadow_t;
-
-	class file rx_file_perms;
-	class process { getattr transition sigchld };
-	class capability setuid;
-	class unix_stream_socket { create read getattr write setattr append bind connect getopt setopt shutdown }; 
-	class unix_dgram_socket { create read getattr write setattr append bind connect getopt setopt shutdown };
-	class fd use;
-	class fifo_file rw_file_perms;
-')
-
 ########################################
 ## <interface name="auth_login_entry_type">
 ##	<description>
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@ -859,15 +859,13 @@ define(`userdom_spec_domtrans_unpriv_users',`
 ## </interface>
 #
 define(`userdom_shell_domtrans_sysadm',`
-	gen_require(`$0'_depend)
+	gen_require(`
+		type sysadm_t;
+	')

 	corecmd_domtrans_shell($1,sysadm_t)
 ')

-define(`userdom_shell_domtrans_sysadm_depend',`
-	type sysadm_t;
-')
-
 ########################################
 ## <interface name="userdom_use_sysadm_tty">
 ##	<description>