finalize desc -> summary xml change

refpolicy/doc/policy.dtd

@@ -19,7 +19,7 @@
       name CDATA #REQUIRED
       dftval CDATA #REQUIRED>
 <!ELEMENT summary (#PCDATA)>
-<!ELEMENT interface (summary?,desc?,secdesc?,param+,infoflow?)>
+<!ELEMENT interface (summary,desc?,secdesc?,param+,infoflow?)>
 <!ATTLIST interface name CDATA #REQUIRED>
 <!ELEMENT template (summary,desc?,secdesc?,param+)>
 <!ATTLIST template name CDATA #REQUIRED>

refpolicy/policy/modules/admin/usermanage.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for managing user accounts.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute chfn in the chfn domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -27,10 +27,10 @@ interface(`usermanage_domtrans_chfn',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute chfn in the chfn domain, and
 ##	allow the specified role the chfn domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -53,9 +53,9 @@ interface(`usermanage_run_chfn',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute groupadd in the groupadd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -79,10 +79,10 @@ interface(`usermanage_domtrans_groupadd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute groupadd in the groupadd domain, and
 ##	allow the specified role the groupadd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -105,9 +105,9 @@ interface(`usermanage_run_groupadd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute passwd in the passwd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -131,10 +131,10 @@ interface(`usermanage_domtrans_passwd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute passwd in the passwd domain, and
 ##	allow the specified role the passwd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -157,9 +157,9 @@ interface(`usermanage_run_passwd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute useradd in the useradd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -183,10 +183,10 @@ interface(`usermanage_domtrans_useradd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute useradd in the useradd domain, and
 ##	allow the specified role the useradd domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/kernel/terminal.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for terminals.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Transform specified type into a pty type.
-## </desc>
+## </summary>
 ## <param name="pty_type">
 ##	An object type that will applied to a pty.
 ## </param>
@@ -20,11 +20,11 @@ interface(`term_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Transform specified type into an user
 ##	pty type. This allows it to be relabeled via
 ##	type change by login programs such as ssh.
-## </desc>
+## </summary>
 ## <param name="userdomain">
 ##	The type of the user domain associated with
 ##	this pty.
@@ -43,10 +43,10 @@ interface(`term_user_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Transform specified type into a pty type
 ##	used by login programs, such as sshd.
-## </desc>
+## </summary>
 ## <param name="pty_type">
 ##	An object type that will applied to a pty.
 ## </param>
@@ -61,9 +61,9 @@ interface(`term_login_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Transform specified type into a tty type.
-## </desc>
+## </summary>
 ## <param name="tty_type">
 ##	An object type that will applied to a tty.
 ## </param>
@@ -89,9 +89,9 @@ interface(`term_tty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Create a pty in the /dev/pts directory.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process creating the pty.
 ## </param>
@@ -117,10 +117,10 @@ interface(`term_create_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write the console, all
 ##	ttys and all ptys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -139,9 +139,9 @@ interface(`term_use_all_terms',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Write to the console.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -157,9 +157,9 @@ interface(`term_write_console',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read from and write to the console.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -175,10 +175,10 @@ interface(`term_use_console',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attemtps to read from
 ##	or write to the console.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -193,10 +193,10 @@ interface(`term_dontaudit_use_console',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Set the attributes of the console
 ##	device node.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -212,10 +212,10 @@ interface(`term_setattr_console',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read the /dev/pts directory to
 ##	list all ptys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -231,10 +231,10 @@ interface(`term_list_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read the
 ##	/dev/pts directory to.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process to not audit.
 ## </param>
@@ -249,11 +249,11 @@ interface(`term_dontaudit_list_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write the generic pty
 ##	type.  This is generally only used in
 ##	the targeted policy.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -269,11 +269,11 @@ interface(`term_use_generic_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Dot not audit attempts to read and
 ##	write the generic pty type.  This is
 ##	generally only used in the targeted policy.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process to not audit.
 ## </param>
@@ -288,10 +288,10 @@ interface(`term_dontaudit_use_generic_pty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write the controlling
 ##	terminal (/dev/tty).
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -307,10 +307,10 @@ interface(`term_use_controlling_term',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read and
 ##	write the pty multiplexor (/dev/ptmx).
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process to not audit.
 ## </param>
@@ -325,10 +325,10 @@ interface(`term_dontaudit_use_ptmx',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Get the attributes of all user
 ##	pty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -346,11 +346,11 @@ interface(`term_getattr_all_user_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to get the
 ##	attributes of any user pty
 ##	device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -405,9 +405,9 @@ interface(`term_relabelto_all_user_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write all user ptys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -425,10 +425,10 @@ interface(`term_use_all_user_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read any
 ##	user ptys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process to not audit.
 ## </param>
@@ -443,10 +443,10 @@ interface(`term_dontaudit_use_all_user_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Relabel from and to all user
 ##	user pty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -464,10 +464,10 @@ interface(`term_relabel_all_user_ptys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Get the attributes of all unallocated
 ##	tty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -483,10 +483,10 @@ interface(`term_getattr_unallocated_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to get the attributes
 ##	of all unallocated tty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -501,10 +501,10 @@ interface(`term_dontaudit_getattr_unallocated_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Set the attributes of all unallocated
 ##	tty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -520,10 +520,10 @@ interface(`term_setattr_unallocated_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Relabel from and to the unallocated
 ##	tty type.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -539,10 +539,10 @@ interface(`term_relabel_unallocated_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Relabel from all user tty types to
 ##	the unallocated tty type.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -560,9 +560,9 @@ interface(`term_reset_tty_labels',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Write to unallocated ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -578,9 +578,9 @@ interface(`term_write_unallocated_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write unallocated ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -596,10 +596,10 @@ interface(`term_use_unallocated_tty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read or
 ##	write unallocated ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process to not audit.
 ## </param>
@@ -614,10 +614,10 @@ interface(`term_dontaudit_use_unallocated_tty',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Get the attributes of all user tty
 ##	device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -633,11 +633,11 @@ interface(`term_getattr_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to get the
 ##	attributes of any user tty
 ##	device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -653,10 +653,10 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Set the attributes of all user tty
 ##	device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -672,10 +672,10 @@ interface(`term_setattr_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Relabel from and to all user
 ##	user tty device nodes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -691,9 +691,9 @@ interface(`term_relabel_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Write to all user ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -709,9 +709,9 @@ interface(`term_write_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write all user to all user ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -727,10 +727,10 @@ interface(`term_use_all_user_ttys',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read or write
 ##	any user ttys.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/services/mta.if

@@ -228,9 +228,9 @@ interface(`mta_exec',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read mail address aliases.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/services/remotelogin.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for rshd, rlogind, and telnetd.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Domain transition to the remote login domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/services/sendmail.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for sendmail.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Domain transition to sendmail.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/authlogin.if

@@ -114,9 +114,9 @@ template(`authlogin_per_userdomain_template',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Use the login program as an entry point program.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of process using the login program as entry point.
 ## </param>
@@ -130,9 +130,9 @@ interface(`auth_login_entry_type',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute a login_program in the target domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -158,9 +158,9 @@ interface(`auth_domtrans_login_program',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Run unix_chkpwd to check a password.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -243,9 +243,9 @@ interface(`auth_dontaudit_getattr_shadow',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read the shadow passwords file (/etc/shadow)
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -263,10 +263,10 @@ interface(`auth_read_shadow',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read the shadow
 ##	password file (/etc/shadow).
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the domain to not audit.
 ## </param>
@@ -281,9 +281,9 @@ interface(`auth_dontaudit_read_shadow',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read and write the shadow password file (/etc/shadow).
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -362,9 +362,9 @@ interface(`auth_rw_lastlog',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute pam programs in the pam domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -386,9 +386,9 @@ interface(`auth_domtrans_pam',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute pam programs in the PAM domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -411,9 +411,9 @@ interface(`auth_run_pam',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute the pam program.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -444,9 +444,9 @@ interface(`auth_read_pam_pid',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Delete pam PID files.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -536,10 +536,10 @@ interface(`auth_manage_pam_console_data',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Relabel all files on the filesystem, except
 ##	the shadow passwords and listed exceptions.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the domain perfoming this action.
 ## </param>
@@ -558,10 +558,10 @@ interface(`auth_relabel_all_files_except_shadow',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Manage all files on the filesystem, except
 ##	the shadow passwords and listed exceptions.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the domain perfoming this action.
 ## </param>
@@ -580,9 +580,9 @@ interface(`auth_manage_all_files_except_shadow',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute utempter programs in the utempter domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -604,9 +604,9 @@ interface(`auth_domtrans_utempter',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute utempter programs in the utempter domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/clock.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for reading and setting the hardware clock.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute hwclock in the clock domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -24,10 +24,10 @@ interface(`clock_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute hwclock in the clock domain, and
 ##	allow the specified role the hwclock domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -50,9 +50,9 @@ interface(`clock_run',`
 ')
 
 ########################################
-##     <desc>
+##     <summary>
 ##             Execute hwclock in the caller domain.
-##     </desc>
+##     </summary>
 ##     <param name="domain">
 ##             The type of the process performing this action.
 ##     </param>
@@ -66,9 +66,9 @@ interface(`clock_exec',`
 ')
 
 ########################################
-##     <desc>
+##     <summary>
 ##             Allow executing domain to modify clock drift
-##     </desc>
+##     </summary>
 ##     <param name="domain">
 ##             The type of the process performing this action.
 ##     </param>

refpolicy/policy/modules/system/corecommands.if

@@ -3,6 +3,7 @@
 ## in /bin, /sbin, /usr/bin, and /usr/sbin.
 ## </summary>
 
+########################################
 ## <summary>
 ##	Make the shell an entrypoint for the specified domain.
 ## </summary>
@@ -374,6 +375,11 @@ interface(`corecmd_exec_ls',`
 ')
 
 ########################################
+## <summary>
+##	Execute a shell in the target domain.  This
+##	is an explicit transition, requiring the
+##	caller to use setexeccon().
+## </summary>
 ## <desc>
 ##	<p>
 ##	Execute a shell in the target domain.  This

refpolicy/policy/modules/system/domain.if

@@ -107,10 +107,10 @@ interface(`domain_dyntrans_type',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Makes caller an exception to the constraint preventing
 ##	changing of user identity.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The process type to make an exception to the constraint.
 ## </param>
@@ -124,10 +124,10 @@ interface(`domain_subj_id_change_exempt',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Makes caller an exception to the constraint preventing
 ##	changing of role.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The process type to make an exception to the constraint.
 ## </param>
@@ -141,10 +141,10 @@ interface(`domain_role_change_exempt',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Makes caller an exception to the constraint preventing
 ##	changing the user identity in object contexts.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The process type to make an exception to the constraint.
 ## </param>
@@ -216,9 +216,9 @@ interface(`domain_setpriority_all_domains',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Send general signals to all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -233,9 +233,9 @@ interface(`domain_signal_all_domains',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Send a null signal to all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -250,9 +250,9 @@ interface(`domain_signull_all_domains',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Send a stop signal to all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -267,9 +267,9 @@ interface(`domain_sigstop_all_domains',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Send a child terminated signal to all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -284,9 +284,9 @@ interface(`domain_sigchld_all_domains',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Send a kill signal to all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -362,10 +362,10 @@ interface(`domain_dontaudit_read_all_domains_state',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to read the process state
 ##	directories of all domains.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -541,10 +541,10 @@ interface(`domain_dontaudit_rw_all_key_sockets',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to get the attributes
 ##	of all domains unix datagram sockets.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -559,10 +559,10 @@ interface(`domain_dontaudit_getattr_all_unix_dgram_sockets',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit attempts to get the attributes
 ##	of all domains unnamed pipes.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/fstools.if

@@ -1,9 +1,9 @@
 ## <summary>Tools for filesystem management, such as mkfs and fsck.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute fs tools in the fstools domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -25,10 +25,10 @@ interface(`fstools_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute fs tools in the fstools domain, and
 ##	allow the specified role the fs tools domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -51,12 +51,12 @@ interface(`fstools_run',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Execute fsadm in the caller domain.
+##	Execute fsadm in the caller domain.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`fstools_exec',`
 	gen_require(`

refpolicy/policy/modules/system/getty.if

@@ -1,12 +1,12 @@
 ## <summary>Policy for getty.</summary>
 
 ########################################
-##     <desc>
+## <summary>
-##             Execute gettys in the getty domain.
+##	Execute gettys in the getty domain.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`getty_domtrans',`
 	gen_require(`
@@ -26,12 +26,12 @@ interface(`getty_domtrans',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Allow process to read getty log file.
+##	Allow process to read getty log file.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`getty_read_log',`
 	gen_require(`
@@ -44,12 +44,12 @@ interface(`getty_read_log',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Allow process to read getty config file.
+##	Allow process to read getty config file.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`getty_read_config',`
 	gen_require(`
@@ -62,12 +62,12 @@ interface(`getty_read_config',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Allow process to edit getty config file.
+##	Allow process to edit getty config file.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`getty_modify_config',`
 	gen_require(`
@@ -78,4 +78,3 @@ interface(`getty_modify_config',`
 	files_search_etc($1)
 	allow $1 getty_etc_t:file rw_file_perms;
 ')
-

refpolicy/policy/modules/system/init.if

@@ -298,9 +298,9 @@ interface(`init_domtrans_script',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Start and stop daemon programs directly.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/iptables.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for iptables.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute iptables in the iptables domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -26,10 +26,10 @@ interface(`iptables_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute iptables in the iptables domain, and
 ##	allow the specified role the iptables domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -52,9 +52,9 @@ interface(`iptables_run',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute iptables in the caller domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/logging.if

@@ -84,11 +84,11 @@ interface(`logging_send_syslog_msg',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Allows the domain to open a file in the
 ##	log directory, but does not allow the listing
 ##	of the contents of the log directory.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/lvm.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for logical volume management programs.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute lvm programs in the lvm domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -26,9 +26,9 @@ interface(`lvm_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute lvm programs in the lvm domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -51,9 +51,9 @@ interface(`lvm_run',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read LVM configuration files.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/modutils.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for kernel module utilities</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Read the dependencies of kernel modules.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -19,10 +19,10 @@ interface(`modutils_read_mods_deps',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Read the configuration options used when
 ##	loading modules.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -42,9 +42,9 @@ interface(`modutils_read_module_conf',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute insmod in the insmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -67,12 +67,12 @@ interface(`modutils_domtrans_insmod',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute insmod in the insmod domain, and
 ##	allow the specified role the insmod domain,
 ##	and use the caller's terminal.  Has a sigchld
 ##	backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -108,9 +108,9 @@ interface(`modutils_exec_insmod',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -133,9 +133,9 @@ interface(`modutils_domtrans_depmod',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -171,9 +171,9 @@ interface(`modutils_exec_depmod',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute depmod in the depmod domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -196,9 +196,9 @@ interface(`modutils_domtrans_update_mods',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute update_modules in the update_modules domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/mount.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for mount.</summary>
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute mount in the mount domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -25,11 +25,11 @@ interface(`mount_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute mount in the mount domain, and
 ##	allow the specified role the mount domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -52,12 +52,12 @@ interface(`mount_run',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Use file descriptors for mount.
+##	Use file descriptors for mount.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`mount_use_fd',`
 	gen_require(`
@@ -69,13 +69,13 @@ interface(`mount_use_fd',`
 ')
 
 ########################################
-##     <desc>
+## <summary>
-##             Allow the mount domain to send nfs requests for mounting
+##	Allow the mount domain to send nfs requests for mounting
-##             network drives
+##	network drives
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##	The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`mount_send_nfs_client_request',`
 	gen_require(`

refpolicy/policy/modules/system/selinuxutil.if

@@ -1,9 +1,9 @@
 ## <summary>Policy for SELinux policy and userland applications.</summary>
 
 #######################################
-## <desc>
+## <summary>
 ##	Execute checkpolicy in the checkpolicy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -27,12 +27,12 @@ interface(`seutil_domtrans_checkpol',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute checkpolicy in the checkpolicy domain, and
 ##	allow the specified role the checkpolicy domain,
 ##	and use the caller's terminal.
 ##	Has a SIGCHLD signal backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -69,9 +69,9 @@ interface(`seutil_exec_checkpol',`
 ')
 
 #######################################
-## <desc>
+## <summary>
 ##	Execute load_policy in the load_policy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -94,12 +94,12 @@ interface(`seutil_domtrans_loadpol',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute load_policy in the load_policy domain, and
 ##	allow the specified role the load_policy domain,
 ##	and use the caller's terminal.
 ##	Has a SIGCHLD signal backchannel.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -149,9 +149,9 @@ interface(`seutil_read_loadpol',`
 ')
 
 #######################################
-## <desc>
+## <summary>
 ##	Execute newrole in the load_policy domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -175,11 +175,11 @@ interface(`seutil_domtrans_newrole',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute newrole in the newrole domain, and
 ##	allow the specified role the newrole domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -216,10 +216,10 @@ interface(`seutil_exec_newrole',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Do not audit the caller attempts to send
 ##	a signal to newrole.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -260,9 +260,9 @@ interface(`seutil_use_newrole_fd',`
 ')
 
 #######################################
-## <desc>
+## <summary>
 ##	Execute restorecon in the restorecon domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -285,11 +285,11 @@ interface(`seutil_domtrans_restorecon',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute restorecon in the restorecon domain, and
 ##	allow the specified role the restorecon domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -325,9 +325,9 @@ interface(`seutil_exec_restorecon',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute run_init in the run_init domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -351,11 +351,11 @@ interface(`seutil_domtrans_runinit',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute run_init in the run_init domain, and
 ##	allow the specified role the run_init domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -391,9 +391,9 @@ interface(`seutil_use_runinit_fd',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute setfiles in the setfiles domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -417,11 +417,11 @@ interface(`seutil_domtrans_setfiles',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute setfiles in the setfiles domain, and
 ##	allow the specified role the setfiles domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -581,9 +581,9 @@ interface(`seutil_create_binary_pol',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Allow the caller to relabel a file to the binary policy type.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/sysnetwork.if

@@ -1,12 +1,12 @@
 ## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>
 
 #######################################
-##     <desc>
+## <summary>
-##             Execute dhcp client in dhcpc domain.
+##	Execute dhcp client in dhcpc domain.
-##     </desc>
+## </summary>
-##     <param name="domain">
+## <param name="domain">
-##             The type of the process performing this action.
+##     The type of the process performing this action.
-##     </param>
+## </param>
 #
 interface(`sysnet_domtrans_dhcpc',`
 	gen_require(`
@@ -200,9 +200,9 @@ interface(`sysnet_read_dhcpc_pid',`
 ')
 
 #######################################
-## <desc>
+## <summary>
 ##	Execute ifconfig in the ifconfig domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>
@@ -225,11 +225,11 @@ interface(`sysnet_domtrans_ifconfig',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute ifconfig in the ifconfig domain, and
 ##	allow the specified role the ifconfig domain,
 ##	and use the caller's terminal.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>

refpolicy/policy/modules/system/unconfined.if

@@ -98,9 +98,9 @@ interface(`unconfined_domtrans',`
 ')
 
 ########################################
-## <desc>
+## <summary>
 ##	Execute specified programs in the unconfined domain.
-## </desc>
+## </summary>
 ## <param name="domain">
 ##	The type of the process performing this action.
 ## </param>