From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 05 Aug 2010 10:04:27 -0400
Subject: [refpolicy] [ system layer patch 1/1] System layer xml fixes.
In-Reply-To: <20100805131011.GA27607@localhost.localdomain>
References: <20100805131011.GA27607@localhost.localdomain>
Message-ID: <4C5AC4EB.50703@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/05/10 09:10, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

Merged.

> ---
> :100644 100644 54b9826... 7fddc24... M	policy/modules/system/authlogin.if
> :100644 100644 7bef600... e2f6d93... M	policy/modules/system/clock.if
> :100644 100644 feef778... 89cc088... M	policy/modules/system/daemontools.if
> :100644 100644 7f2eb65... 016a770... M	policy/modules/system/fstools.if
> :100644 100644 b2b003d... e4376aa... M	policy/modules/system/getty.if
> :100644 100644 748af7d... 187f04f... M	policy/modules/system/hostname.if
> :100644 100644 321d2e6... 40eb10c... M	policy/modules/system/hotplug.if
> :100644 100644 59f9068... f6aafe7... M	policy/modules/system/init.if
> :100644 100644 dbaf373... 8232f91... M	policy/modules/system/ipsec.if
> :100644 100644 b8acdd6... 5c94dfe... M	policy/modules/system/iptables.if
> :100644 100644 88e3b32... 663a47b... M	policy/modules/system/iscsi.if
> :100644 100644 19e65b8... 4198ff5... M	policy/modules/system/kdump.if
> :100644 100644 33ffdb6... d97d16d... M	policy/modules/system/libraries.if
> :100644 100644 37292fd... 0e3c2a9... M	policy/modules/system/locallogin.if
> :100644 100644 a1d5058... c7cfb62... M	policy/modules/system/logging.if
> :100644 100644 779cc29... 58bc27f... M	policy/modules/system/lvm.if
> :100644 100644 a70ed72... 17de283... M	policy/modules/system/miscfiles.if
> :100644 100644 5e3e8b9... 9c0faab... M	policy/modules/system/modutils.if
> :100644 100644 2dda55d... 8b5c196... M	policy/modules/system/mount.if
> :100644 100644 c0668b6... 8cfaa75... M	policy/modules/system/netlabel.if
> :100644 100644 fffe97b... aef445d... M	policy/modules/system/pcmcia.if
> :100644 100644 b3c7bfb... c817fda... M	policy/modules/system/raid.if
> :100644 100644 95772b0... 170e2c7... M	policy/modules/system/selinuxutil.if
> :100644 100644 8de660e... efa9c27... M	policy/modules/system/setrans.if
> :100644 100644 3c2e445... 8e71fb7... M	policy/modules/system/sysnetwork.if
> :100644 100644 bfc4c75... 025348a... M	policy/modules/system/udev.if
> :100644 100644 c11cb30... 416e668... M	policy/modules/system/unconfined.if
> :100644 100644 4a50357... 8b4f6d8... M	policy/modules/system/userdomain.if
> :100644 100644 086e8c6... 77d41b6... M	policy/modules/system/xen.if
>   policy/modules/system/authlogin.if   |   40 +++++++++++++++++-----------------
>   policy/modules/system/clock.if       |    6 ++--
>   policy/modules/system/daemontools.if |    8 +++---
>   policy/modules/system/fstools.if     |   12 +++++-----
>   policy/modules/system/getty.if       |    2 +-
>   policy/modules/system/hostname.if    |    4 +-
>   policy/modules/system/hotplug.if     |    4 +-
>   policy/modules/system/init.if        |   34 ++++++++++++++--------------
>   policy/modules/system/ipsec.if       |   22 +++++++++---------
>   policy/modules/system/iptables.if    |    8 +++---
>   policy/modules/system/iscsi.if       |    2 +-
>   policy/modules/system/kdump.if       |    4 +-
>   policy/modules/system/libraries.if   |    6 ++--
>   policy/modules/system/locallogin.if  |    6 ++--
>   policy/modules/system/logging.if     |   22 +++++++++---------
>   policy/modules/system/lvm.if         |    8 +++---
>   policy/modules/system/miscfiles.if   |   10 ++++----
>   policy/modules/system/modutils.if    |   14 ++++++------
>   policy/modules/system/mount.if       |   10 ++++----
>   policy/modules/system/netlabel.if    |    4 +-
>   policy/modules/system/pcmcia.if      |    6 ++--
>   policy/modules/system/raid.if        |    4 +-
>   policy/modules/system/selinuxutil.if |   36 +++++++++++++++---------------
>   policy/modules/system/setrans.if     |    2 +-
>   policy/modules/system/sysnetwork.if  |   32 +++++++++++++-------------
>   policy/modules/system/udev.if        |    6 ++--
>   policy/modules/system/unconfined.if  |    8 +++---
>   policy/modules/system/userdomain.if  |   30 ++++++++++++------------
>   policy/modules/system/xen.if         |    6 ++--
>   29 files changed, 178 insertions(+), 178 deletions(-)
>
> diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
> index 54b9826..7fddc24 100644
> --- a/policy/modules/system/authlogin.if
> +++ b/policy/modules/system/authlogin.if
> @@ -162,7 +162,7 @@ interface(`auth_login_pgm_domain',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of process using the login program as entry point.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -180,7 +180,7 @@ interface(`auth_login_entry_type',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -205,7 +205,7 @@ interface(`auth_domtrans_login_program',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -332,7 +332,7 @@ interface(`auth_var_filetrans_cache',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -381,7 +381,7 @@ interface(`auth_domtrans_chk_passwd',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -402,7 +402,7 @@ interface(`auth_domtrans_chkpwd',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -446,7 +446,7 @@ interface(`auth_domtrans_upd_passwd',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -582,7 +582,7 @@ interface(`auth_tunable_read_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain to not audit.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -800,7 +800,7 @@ interface(`auth_rw_lastlog',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -836,7 +836,7 @@ interface(`auth_signal_pam',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -978,7 +978,7 @@ interface(`auth_manage_pam_pid',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1098,7 +1098,7 @@ interface(`auth_delete_pam_console_data',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1123,7 +1123,7 @@ interface(`auth_read_all_dirs_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1149,7 +1149,7 @@ interface(`auth_read_all_files_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1174,7 +1174,7 @@ interface(`auth_read_all_symlinks_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1200,7 +1200,7 @@ interface(`auth_relabel_all_files_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1226,7 +1226,7 @@ interface(`auth_rw_all_files_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the domain perfoming this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<param name="exception_types" optional="true">
> @@ -1251,7 +1251,7 @@ interface(`auth_manage_all_files_except_shadow',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1269,7 +1269,7 @@ interface(`auth_domtrans_utempter',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -1351,7 +1351,7 @@ interface(`auth_read_login_records',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> diff --git a/policy/modules/system/clock.if b/policy/modules/system/clock.if
> index 7bef600..e2f6d93 100644
> --- a/policy/modules/system/clock.if
> +++ b/policy/modules/system/clock.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -25,7 +25,7 @@ interface(`clock_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -50,7 +50,7 @@ interface(`clock_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -## 	The type of the process performing this action.
> +## 	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/daemontools.if b/policy/modules/system/daemontools.if
> index feef778..89cc088 100644
> --- a/policy/modules/system/daemontools.if
> +++ b/policy/modules/system/daemontools.if
> @@ -11,7 +11,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access to svc_start_t.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -59,7 +59,7 @@ interface(`daemontools_service_domain',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -77,7 +77,7 @@ interface(`daemontools_domtrans_start',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -95,7 +95,7 @@ interface(`daemontools_domtrans_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/fstools.if b/policy/modules/system/fstools.if
> index 7f2eb65..016a770 100644
> --- a/policy/modules/system/fstools.if
> +++ b/policy/modules/system/fstools.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`fstools_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -51,7 +51,7 @@ interface(`fstools_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -106,7 +106,7 @@ interface(`fstools_read_pipes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -125,7 +125,7 @@ interface(`fstools_relabelto_entry_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -143,7 +143,7 @@ interface(`fstools_manage_entry_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/getty.if b/policy/modules/system/getty.if
> index b2b003d..e4376aa 100644
> --- a/policy/modules/system/getty.if
> +++ b/policy/modules/system/getty.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/hostname.if b/policy/modules/system/hostname.if
> index 748af7d..187f04f 100644
> --- a/policy/modules/system/hostname.if
> +++ b/policy/modules/system/hostname.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`hostname_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/hotplug.if b/policy/modules/system/hotplug.if
> index 321d2e6..40eb10c 100644
> --- a/policy/modules/system/hotplug.if
> +++ b/policy/modules/system/hotplug.if
> @@ -9,7 +9,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -139,7 +139,7 @@ interface(`hotplug_search_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
> index 59f9068..f6aafe7 100644
> --- a/policy/modules/system/init.if
> +++ b/policy/modules/system/init.if
> @@ -420,7 +420,7 @@ interface(`init_ranged_system_domain',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -571,7 +571,7 @@ interface(`init_use_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -730,7 +730,7 @@ interface(`init_dontaudit_rw_initctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain for which init scripts are an entrypoint.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   # cjp: added for gentoo integrated run_init
> @@ -748,7 +748,7 @@ interface(`init_script_file_entry_type',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -775,7 +775,7 @@ interface(`init_spec_domtrans_script',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -812,7 +812,7 @@ interface(`init_domtrans_script',`
>   ##</desc>
>   ##<param name="source_domain">
>   ##	<summary>
> -##	Domain to transition from.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -837,7 +837,7 @@ interface(`init_script_file_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="init_script_file">
> @@ -862,7 +862,7 @@ interface(`init_labeled_script_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##		Domain allowed access
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1064,7 +1064,7 @@ interface(`init_read_all_script_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1144,7 +1144,7 @@ interface(`init_use_script_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1305,7 +1305,7 @@ interface(`init_rw_script_stream_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1429,7 +1429,7 @@ interface(`init_getattr_script_status_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1553,7 +1553,7 @@ interface(`init_read_utmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1591,7 +1591,7 @@ interface(`init_write_utmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1628,7 +1628,7 @@ interface(`init_rw_utmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1646,7 +1646,7 @@ interface(`init_dontaudit_rw_utmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain access allowed.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1666,7 +1666,7 @@ interface(`init_manage_utmp',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain access allowed.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/ipsec.if b/policy/modules/system/ipsec.if
> index dbaf373..8232f91 100644
> --- a/policy/modules/system/ipsec.if
> +++ b/policy/modules/system/ipsec.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -24,7 +24,7 @@ interface(`ipsec_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -43,7 +43,7 @@ interface(`ipsec_stream_connect',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -62,7 +62,7 @@ interface(`ipsec_stream_connect_racoon',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -80,7 +80,7 @@ interface(`ipsec_getattr_key_sockets',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -98,7 +98,7 @@ interface(`ipsec_exec_mgmt',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -175,7 +175,7 @@ interface(`ipsec_write_pid',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -194,7 +194,7 @@ interface(`ipsec_manage_pid',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -212,7 +212,7 @@ interface(`ipsec_domtrans_racoon',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -237,7 +237,7 @@ interface(`ipsec_run_racoon',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -255,7 +255,7 @@ interface(`ipsec_domtrans_setkey',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
> index b8acdd6..5c94dfe 100644
> --- a/policy/modules/system/iptables.if
> +++ b/policy/modules/system/iptables.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`iptables_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -76,7 +76,7 @@ interface(`iptables_exec',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -134,7 +134,7 @@ interface(`iptables_read_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/iscsi.if b/policy/modules/system/iscsi.if
> index 88e3b32..663a47b 100644
> --- a/policy/modules/system/iscsi.if
> +++ b/policy/modules/system/iscsi.if
> @@ -24,7 +24,7 @@ interface(`iscsid_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/kdump.if b/policy/modules/system/kdump.if
> index 19e65b8..4198ff5 100644
> --- a/policy/modules/system/kdump.if
> +++ b/policy/modules/system/kdump.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -25,7 +25,7 @@ interface(`kdump_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/libraries.if b/policy/modules/system/libraries.if
> index 33ffdb6..d97d16d 100644
> --- a/policy/modules/system/libraries.if
> +++ b/policy/modules/system/libraries.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -25,7 +25,7 @@ interface(`libs_domtrans_ldconfig',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -201,7 +201,7 @@ interface(`libs_search_lib',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
> index 37292fd..0e3c2a9 100644
> --- a/policy/modules/system/locallogin.if
> +++ b/policy/modules/system/locallogin.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -28,7 +28,7 @@ interface(`locallogin_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -118,7 +118,7 @@ interface(`locallogin_link_keys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
> index a1d5058..c7cfb62 100644
> --- a/policy/modules/system/logging.if
> +++ b/policy/modules/system/logging.if
> @@ -70,7 +70,7 @@ interface(`logging_send_audit_msgs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -150,7 +150,7 @@ interface(`logging_read_audit_log',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -169,7 +169,7 @@ interface(`logging_domtrans_auditctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -194,7 +194,7 @@ interface(`logging_run_auditctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -213,7 +213,7 @@ interface(`logging_domtrans_auditd',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -270,7 +270,7 @@ interface(`logging_domtrans_dispatcher',`
>   ##</summary>
>   ##<param name="domain">
>   ##<summary>
> -##	Domain allowed to transition.
> +##	Domain allowed access.
>   ##</summary>
>   ##</param>
>   #
> @@ -382,7 +382,7 @@ interface(`logging_manage_audit_log',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -421,7 +421,7 @@ interface(`logging_check_exec_syslog',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -570,7 +570,7 @@ interface(`logging_read_audit_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -686,7 +686,7 @@ interface(`logging_rw_generic_log_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -848,7 +848,7 @@ interface(`logging_write_generic_logs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
> index 779cc29..58bc27f 100644
> --- a/policy/modules/system/lvm.if
> +++ b/policy/modules/system/lvm.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -25,7 +25,7 @@ interface(`lvm_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -44,7 +44,7 @@ interface(`lvm_exec',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -69,7 +69,7 @@ interface(`lvm_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> index a70ed72..17de283 100644
> --- a/policy/modules/system/miscfiles.if
> +++ b/policy/modules/system/miscfiles.if
> @@ -115,7 +115,7 @@ interface(`miscfiles_setattr_fonts_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -134,7 +134,7 @@ interface(`miscfiles_dontaudit_setattr_fonts_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -198,7 +198,7 @@ interface(`miscfiles_setattr_fonts_cache_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -374,7 +374,7 @@ interface(`miscfiles_legacy_read_localization',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to not audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -573,7 +573,7 @@ interface(`miscfiles_exec_tetex_data',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to be entered.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
> index 5e3e8b9..9c0faab 100644
> --- a/policy/modules/system/modutils.if
> +++ b/policy/modules/system/modutils.if
> @@ -126,7 +126,7 @@ interface(`modutils_manage_module_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -147,7 +147,7 @@ interface(`modutils_domtrans_insmod_uncond',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -170,7 +170,7 @@ interface(`modutils_domtrans_insmod',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -214,7 +214,7 @@ interface(`modutils_exec_insmod',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -233,7 +233,7 @@ interface(`modutils_domtrans_depmod',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -277,7 +277,7 @@ interface(`modutils_exec_depmod',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -296,7 +296,7 @@ interface(`modutils_domtrans_update_mods',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/mount.if b/policy/modules/system/mount.if
> index 2dda55d..8b5c196 100644
> --- a/policy/modules/system/mount.if
> +++ b/policy/modules/system/mount.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`mount_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -55,7 +55,7 @@ interface(`mount_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -139,7 +139,7 @@ interface(`mount_send_nfs_client_request',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -159,7 +159,7 @@ interface(`mount_domtrans_unconfined',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if
> index c0668b6..8cfaa75 100644
> --- a/policy/modules/system/netlabel.if
> +++ b/policy/modules/system/netlabel.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`netlabel_domtrans_mgmt',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/pcmcia.if b/policy/modules/system/pcmcia.if
> index fffe97b..aef445d 100644
> --- a/policy/modules/system/pcmcia.if
> +++ b/policy/modules/system/pcmcia.if
> @@ -22,7 +22,7 @@ interface(`pcmcia_stub',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -58,7 +58,7 @@ interface(`pcmcia_use_cardmgr_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -77,7 +77,7 @@ interface(`pcmcia_domtrans_cardctl',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/raid.if b/policy/modules/system/raid.if
> index b3c7bfb..c817fda 100644
> --- a/policy/modules/system/raid.if
> +++ b/policy/modules/system/raid.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -33,7 +33,7 @@ interface(`raid_domtrans_mdadm',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> index 95772b0..170e2c7 100644
> --- a/policy/modules/system/selinuxutil.if
> +++ b/policy/modules/system/selinuxutil.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -28,7 +28,7 @@ interface(`seutil_domtrans_checkpolicy',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -74,7 +74,7 @@ interface(`seutil_exec_checkpolicy',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -95,7 +95,7 @@ interface(`seutil_domtrans_loadpolicy',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -158,7 +158,7 @@ interface(`seutil_read_loadpolicy',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -180,7 +180,7 @@ interface(`seutil_domtrans_newrole',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -228,7 +228,7 @@ interface(`seutil_exec_newrole',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -311,7 +311,7 @@ interface(`seutil_dontaudit_use_newrole_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -328,7 +328,7 @@ interface(`seutil_domtrans_restorecon',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -365,7 +365,7 @@ interface(`seutil_exec_restorecon',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -391,7 +391,7 @@ interface(`seutil_domtrans_runinit',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -415,7 +415,7 @@ interface(`seutil_init_script_domtrans_runinit',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -456,7 +456,7 @@ interface(`seutil_run_runinit',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -502,7 +502,7 @@ interface(`seutil_use_runinit_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -524,7 +524,7 @@ interface(`seutil_domtrans_setfiles',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -803,7 +803,7 @@ interface(`seutil_read_file_contexts',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -1015,7 +1015,7 @@ interface(`seutil_domtrans_semanage',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -1141,7 +1141,7 @@ interface(`seutil_libselinux_linked',`
>   ##</desc>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/setrans.if b/policy/modules/system/setrans.if
> index 8de660e..efa9c27 100644
> --- a/policy/modules/system/setrans.if
> +++ b/policy/modules/system/setrans.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
> index 3c2e445..8e71fb7 100644
> --- a/policy/modules/system/sysnetwork.if
> +++ b/policy/modules/system/sysnetwork.if
> @@ -6,7 +6,7 @@
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -26,7 +26,7 @@ interface(`sysnet_domtrans_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -69,7 +69,7 @@ interface(`sysnet_run_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the SIGCHLD.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -87,7 +87,7 @@ interface(`sysnet_dontaudit_use_dhcpc_fds',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the SIGCHLD.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -105,7 +105,7 @@ interface(`sysnet_sigchld_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the SIGKILL.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -124,7 +124,7 @@ interface(`sysnet_kill_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the SIGSTOP.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -142,7 +142,7 @@ interface(`sysnet_sigstop_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the null signal.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -160,7 +160,7 @@ interface(`sysnet_signull_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain sending the signal.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   ##<rolecap/>
> @@ -200,7 +200,7 @@ interface(`sysnet_dbus_chat_dhcpc',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain allowed access.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -219,7 +219,7 @@ interface(`sysnet_rw_dhcp_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The domain allowed access.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -376,7 +376,7 @@ interface(`sysnet_create_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -394,7 +394,7 @@ interface(`sysnet_etc_filetrans_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -416,7 +416,7 @@ interface(`sysnet_manage_config',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -435,7 +435,7 @@ interface(`sysnet_read_dhcpc_pid',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -453,7 +453,7 @@ interface(`sysnet_delete_dhcpc_pid',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -474,7 +474,7 @@ interface(`sysnet_domtrans_ifconfig',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
> index bfc4c75..025348a 100644
> --- a/policy/modules/system/udev.if
> +++ b/policy/modules/system/udev.if
> @@ -24,7 +24,7 @@ interface(`udev_signal',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -60,7 +60,7 @@ interface(`udev_exec',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -199,7 +199,7 @@ interface(`udev_read_db',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
> index c11cb30..416e668 100644
> --- a/policy/modules/system/unconfined.if
> +++ b/policy/modules/system/unconfined.if
> @@ -185,7 +185,7 @@ interface(`unconfined_execmem_alias_program',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -203,7 +203,7 @@ interface(`unconfined_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	The type of the process performing this action.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="role">
> @@ -227,7 +227,7 @@ interface(`unconfined_run',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -413,7 +413,7 @@ interface(`unconfined_read_pipes',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index 4a50357..8b4f6d8 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -1356,7 +1356,7 @@ interface(`userdom_getattr_user_home_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1543,7 +1543,7 @@ interface(`userdom_home_filetrans_user_home_dir',`
>   ##</desc>
>   ##<param name="source_domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   ##<param name="target_domain">
> @@ -1643,7 +1643,7 @@ interface(`userdom_delete_user_home_content_dirs',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1837,7 +1837,7 @@ interface(`userdom_exec_user_home_content_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -1877,7 +1877,7 @@ interface(`userdom_manage_user_home_content_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2493,7 +2493,7 @@ interface(`userdom_getattr_user_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2529,7 +2529,7 @@ interface(`userdom_setattr_user_ttys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2620,7 +2620,7 @@ interface(`userdom_use_user_terminals',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2641,7 +2641,7 @@ interface(`userdom_dontaudit_use_user_terminals',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2664,7 +2664,7 @@ interface(`userdom_spec_domtrans_all_users',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2687,7 +2687,7 @@ interface(`userdom_xsession_spec_domtrans_all_users',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2710,7 +2710,7 @@ interface(`userdom_spec_domtrans_unpriv_users',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2770,7 +2770,7 @@ interface(`userdom_manage_unpriv_user_shared_mem',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain allowed to transition.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2934,7 +2934,7 @@ interface(`userdom_relabelto_user_ptys',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> @@ -2970,7 +2970,7 @@ interface(`userdom_write_user_tmp_files',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain allowed access.
> +##	Domain to not audit.
>   ##	</summary>
>   ##</param>
>   #
> diff --git a/policy/modules/system/xen.if b/policy/modules/system/xen.if
> index 086e8c6..77d41b6 100644
> --- a/policy/modules/system/xen.if
> +++ b/policy/modules/system/xen.if
> @@ -24,7 +24,7 @@ interface(`xen_domtrans',`
>   ##</summary>
>   ##<param name="domain">
>   ##	<summary>
> -##	Domain to not audit.
> +##	Domain allowed access.
>   ##	</summary>
>   ##</param>
>   #
> @@ -83,7 +83,7 @@ interface(`xen_read_image_files',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##	Domain allowed to transition.
> +##	Domain allowed access.
>   ## 	</summary>
>   ##</param>
>   #
> @@ -104,7 +104,7 @@ interface(`xen_rw_image_files',`
>   ##</summary>
>   ##<param name="domain">
>   ## 	<summary>
> -##	Domain allowed to transition.
> +##	Domain allowed access.
>   ## 	</summary>
>   ##</param>
>   #
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com